How DDoS Attack On AWS Results In 3.7m FlexBooker Accounts Being Hacked

US based FlexBooker incident report claims a massive DDoS attack on AWS allowed the theft of data from over 3 million user accounts. The report shows the attack began on Dec. 23rd and was resolved the next day with the help of AWS technical services. On his HaveIBeenPwnd.com site, security researcher Troy Hunt claims to have received the files said they contained data from 3.7 million accounts. He said “the data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found being actively traded on a popular hacking forum.”

FlexBooker provides appointment scheduling services for any small business that needs to schedule appointment, such as accountants, doctors, lawyers, hair salons, dentists, therapists, mechanics, etc. According to Bleeping computer, the data has been seen being traded on hacker forums by a group calling themselves Uawrongteam. They wrote that “The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.”   

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Nasser Fattah
Nasser Fattah , Executive Advisor
InfoSec Expert
January 10, 2022 8:19 pm

<p>I am not familiar with the particulars of this attack, but I have seen where DDoS attacks are sometimes launched as a distraction (disrupt vital business services), while the adversary\’s primary goal is to gain access and exfiltrate sensitive information.  We know that there are financial losses associated with system outages, hence, why security teams have all eyes on glass, so to speak, when there is a DDoS attack.  And when this happens, it is important to be prepared for the possibility of a multifaceted attack and be very diligent with monitoring other anomalies happening on the network.</p>

Last edited 5 months ago by Nasser Fattah
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x