Hackers have stolen a database of 3.7 million users of online scheduling and appointment platform FlexBooker, containing sensitive customer data.
The breach compromised 3.7 million accounts containing email addresses, names, passwords, phone numbers and partial credit card numbers.
The scheduling platform said its Amazon Web Services (AWS) servers were compromised in December.
FlexBooker said that hackers failed to get any credit card or other payment card information.
FlexBooker sent a data breach notification to customers, confirming the attack and that the intruders accessed and downloaded data on the service’s Amazon cloud storage system, reports Bleepingcomputer.
FlexBooker has apologised for the data breach. It also admitted that its system data storage was accessed and downloaded.
“We sent a notification to all affected parties and have worked with Amazon Web Services, our hosting provider, to ensure that our accounts are re-secured. We deeply apologise for the inconvenience caused by this issue,” FlexBooker said in a statement.
Among FlexBooker’s customers are owners of businesses that need to schedule appointments — from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and more.
“Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs,” said the report.