Scheduling platform FlexBooker apologized this week for a data breach that involved the sensitive information of 3.7 million users.
In a statement, the company told ZDNet a portion of its customer database had been breached after its AWS servers were compromised on December 23. FlexBooker said their “system data storage was also accessed and downloaded” as part of the attack.
They added they worked with Amazon to restore a backup and they were able to bring operations back in about 12 hours.
“We sent a notification to all affected parties and have worked with Amazon Web Services, our hosting provider, to ensure that our accounts are re-secured,” a spokesperson said. “We deeply apologize for the inconvenience caused by this issue.”
The spokesperson said the data was “limited to names, email addresses, and phone numbers” and a website notifying customers of the breach says the same thing.
But Australian security expert Troy Hunt, who runs the Have I Been Pwned site that tracks breached information, said the trove of stolen data included password hashes and partial credit card information for some accounts. Hunt added that the data “was found being actively traded on a popular hacking forum.”
A FlexBooker spokesperson confirmed Hunt’s report, telling ZDNet that the