Posted on January 13, 2022 at 5:10 PM
FlexBooker has suffered from a distributed denial-of services (DDoS) attack. The attack affected its Amazon AWS servers. This DDoS attack also resulted in a data breach where 3.7 million account records were stolen.
FlexBooker is a popular platform mainly used for scheduling appointments and calendar services. After these client details were leaked to a dark web forum, the company has issued an apology.
3.7 million records leaked
The majority of the leaked details were the basic contact information attached to user profiles. However, additional details show that the credit card numbers of some of the users could have also been exposed.
The data was dumped to a hacking forum known as “Uawrongteam” after being stolen from the company. Details show that the data dump started on December 23, 2021. Besides the data stolen from FlexBooker, data from other targets: Racing.com and the rediCASE Case Management Software, was also dumped.
The attack on FlexBooker is the worst that the company has recorded. Some of the data expose credit card numbers and passwords. The hackers responsible also state that they also have access to the users’ payment forms and driver license photos.
FlexBooker confirmed the breach and even alerted users on the platform about it. The company notes that the breach was because of a DDoS attack on its Amazon AWS servers. The company notes that within 12 hours following the attack, the platform’s full functionality was restored.
While FlexBooker notes that only basic user information was stolen, Troy Hunt from HaveIBeenPwned states that hashed passwords and the last three digits of user credit cards were exposed. Hunt further noted that driver license photos and financial documents were also leaked.
DDoS attacks are usually aimed at overwhelming a server by increasing traffic to make it hard for security teams to detect an attack.
Nasser Fattah from Shares Assessment noted, “We know that there are financial losses associated with system outages, hence, why security teams have all eyes on glass, so to speak, when there is a DDoS attack. And when this happens, it is important to be prepared for the possibility of a multifaceted attack and be very diligent with monitoring other anomalies happening on the network.”
FlexBooker’s response to the data breach
How FlexBooker has handled this attack has shed light on the wanting state of the company’s cybersecurity systems. When the company faced the DDoS attack, it was swift in responding and did not suffer from long outages. However, it did not extend the same swiftness to the data breach.
Details show that the company became aware of the stolen customer data after being made public on the hacking forum. In its report, FlexBooker notes that customers’ payment data was not stolen. However, posts on the hacking forum show evidence of the last three digits of credit card numbers.
Partial credit card information or other financial details cannot be independently to conduct financial fraud. However, the data can be analyzed with previous data collected during other attacks. Such data is largely available on hacker forums.
Furthermore, FlexBooker is a major player in the sector, and this breach could impact a wide range of industries. Some of the leading companies that use FlexBooker include GoDaddy, tax firm H&R Block Canada, and the fast-food retail chain Chipotle. These companies have posted that they use FlexBooker for a wide range of functions, such as scheduling meetings and booking dates for job interviews.
The alerts sent by FlexBooker have been to the companies using its software and the individuals that had scheduled appointments using the service. FlexBooker’s way of issuing this alert could have led to some individuals ignoring the message. Some of those who schedule appointments at companies that use FlexBooker are not aware of the service. Thus, some users could have disregarded the message as a phishing attempt or spam mail.
FlexBooker was also unclear in its explanation of what caused the breach, which could have confused those who received the message. The main motive behind DDoS attacks is not to gain access to servers and bypass security systems. However, in some instances, they can be used to distract the cybersecurity team.
In most cases, DDoS attacks are used to extort payments from companies. The attackers usually run a DDoS attack to overwhelm the network’s traffic and then request payment to halt these attacks and stop launching more attacks.