FlexBooker Data Record Dump Sold on Dark Web
In a new instance of a data leak, data belonging to FlexBooker customers has been put up for sale on a dark web forum used by hackers. According to researchers, roughly 3.7 million records have been put up for sale from the FlexBooker leak.
FlexBooker is a website that allows any sort of business to set up an account and have a convenient portal for customers to book lodging, appointments, or anything else the business is offering.
FlexBooker Not the Only Victim
The threat actor responsible for the data breach and who put the stolen records up for sale on the hacking forum goes by the handle "Uawrongteam". The same hacker group pulled off several other attacks in one fell swoop, alongside the FlexBooker data breach. The biggest website focused on horse racing news also became a victim of the same threat actor on the same day.
FlexBooker did send out a notification to customers, informing them of the data breach. The company stated that the threat actor had accessed the company's Amazon Web Services data storage servers and had exfiltrated data. The company's IT team got the situation under control within half a day, but the damage was already done. The initial attack also affected FlexBooker's ability to do business and provide its customers with regular service.
3.7M Records Leaked
The main hub for checking whether any of your accounts have been leaked online, in part or in full, the Have I Been Pwned website, published information on the data dump put up for sale. The dump contains emails, real names, telephone numbers, and also a limited number of partial credit card data records, all totaling 3.7 million records.
Security experts believe the data breach was a result of a successful distributed denial of service attack and stated that with similar attack vectors, it is usually worth it to keep a vigilant eye on the affected network for a while after things have settled down because attacks opening up with a DDoS often comprise multi-vector attacks that may come with secondary threats.