FlexBooker, a popular scheduling and calendaring service, apologizes to its customers after 3.7 million records surfaced on a dark web hacker forum. A Distributed Denial of Service (DDOS) attack that hit the company’s Amazon AWS servers has been linked to the breach, which would be an unusual attack vector if the assessment is correct.
The leaked records mainly contained basic contact information contained in user profiles, but it appears credit card numbers were partially exposed for at least some of the accounts.
Has a DDoS attack created an opportunity for a data breach?
A threat group calling itself “Uawrongteam” has been dumping the data stolen from FlexBooker on an underground forum as of December 23. The group also filed stolen data from two other targets at the time: horse racing site Racing.com and Redbourne Group’s rediCASE case management software (used for social services and healthcare…