US based FlexBooker incident report claims a massive DDoS attack on AWS allowed the theft of data from over 3 million user accounts. The report shows the attack began on Dec. 23rd and was resolved the next day with the help of AWS technical services. On his HaveIBeenPwnd.com site, security researcher Troy Hunt claims to have received the files said they contained data from 3.7 million accounts. He said “the data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found being actively traded on a popular hacking forum.”
FlexBooker provides appointment scheduling services for any small business that needs to schedule appointment, such as accountants, doctors, lawyers, hair salons, dentists, therapists, mechanics, etc. According to Bleeping computer, the data has been seen being traded on hacker forums by a group calling themselves Uawrongteam. They wrote that “The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.”