Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums.
FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars.
The attack was carried out by a group calling themselves Uawrongteam, who published links to archives and files containing IDs, driver’s licenses, photos. The threat actors claim the stolen database contains customer information, including names, emails, phone numbers, hashed passwords, and password salt.