FlexBooker sells online appointment booking tools that businesses can embed in their websites.
This breach is thesecond time in two months that the company has been mentioned for exposing user data.
While the companyclaimedit had resolved all vulnerabilities in its AWS configuration, that may not have been the case.
Only upon further research did we learn about the first breach.
Up to 19 million, in fact.
The group responsible thenstarted selling access to the data on the dark web.
Independent cybersecurity researchers verified that the stolen data archives were available for sale there.
Understanding a breach and its potential impact takes careful attention and time.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
In this case,FlexBooker was using an AWS S3 bucket.
S3 buckets are an increasingly popular enterprise cloud storage solution.
However, users must set up their security protocols manually to protect any data stored therein.
So, we sent another email informing them of a new breach.
For example, a plumbing supply company was using FlexBooker to schedule consultations between employees and customers.
In this instance, PII data for both people were exposed.
FlexBookers S3 bucket was live at the time of discovery and constantly updated with additional data.
In a phishing campaign, criminals send victims fake emails and text messages imitating businesses.
Some bookings exposed incurred cancellation fees, adding a cost to the users.
Hackers would not have any obvious financial gain from such actions.
They could simply decide to engage in such malicious activities for fun.
If users abandon FlexBooker en masse,it may never recover that lost revenue.
Potential users will undoubtedly consider alternatives based on the number of stories about breaches and hacks at FlexBooker.
Amazon provides detailed instructions to AWS users to help them secure S3 buckets and keep them private.
To learn about data vulnerabilities in general, read ourcomplete guide to online privacy.
It shows you the many ways cybercriminals target internet users and the steps you might take to stay safe.
They then examine each data store for any data being leaked.
Our team was able to access this S3 bucket because it was completely unsecured and unencrypted.
The purpose of this web mapping project is to helpmake the internet safer for all users.
Only the data’s owner can know that.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
This has included an enormous data breach by a Ghanaian government agency thatexposed 100,000s of the countrys citizens.
We also revealed that an Australian marketing company was harvesting and exposingdata collected from 100,000s of people.
You may also want to readour VPN Leak Report and Data Privacy Stats Report.
Help Us Protect The Internet!
Alternatively, anyone cansubmit a breach to vpnMentor, any time, from anywhere, without compromising your privacy.
Check the Leak Box here »
kindly, comment on how to improve this article.
