FlexBooker
  • Total Records9,628,049
  • Unique Emails2,834,414
  • Unique First Names3,600,267

FlexBooker Data Breach: What Happened in December 2021?

In December 2021, FlexBooker, a popular online scheduling and booking platform, suffered a significant data breach that impacted millions of its users. FlexBooker is widely used by businesses for managing appointments and reservations, making the platform a central repository for customer information. The breach was traced back to a compromised account within the company’s AWS (Amazon Web Services) infrastructure. Attackers accessed and downloaded sensitive records, ultimately exposing about 9.6 million account entries. The incident raised concerns due to the nature and volume of data involved, which included users’ names, various contact information, and partially obfuscated payment data.

When Did the FlexBooker Breach Occur?

The breach took place in early December 2021, with malicious actors leveraging unauthorized access to FlexBooker's AWS environment. The intrusion was detected and disclosed later that month as the company became aware of the extent of the compromise.

What Information Was Compromised?

The attackers obtained a wide range of data from FlexBooker’s database. The compromised fields included first and last names, full names, email addresses, phone numbers, hashed passwords, and detailed address information—such as city, zip code, country, and street number with name. In some cases, elements of credit card data were also involved, though not in full form.

How Many Users Were Affected?

In total, the breach affected over 9.6 million records associated with approximately 3.7 million unique accounts. This wide-reaching incident saw entire user profiles with multiple pieces of contact and personal information being exposed.

How Did the FlexBooker Breach Happen?

The root cause of the breach was traced back to a compromised account with high-level access to FlexBooker’s AWS infrastructure. Once inside, the attackers harvested data and exfiltrated sensitive records without authorization. The breach illustrates the substantial risks associated with securing cloud infrastructure and highlights the impact a single breached account can have on large databases.

Timeline of FlexBooker Data Breach Events

  • Early December 2021: Initial intrusion via compromised AWS credentials.
  • December 2021: Attackers accessed and exfiltrated user data from FlexBooker systems.
  • Later December 2021: The breach was discovered, investigated, and publicly disclosed by FlexBooker.

Frequently Asked Questions About the FlexBooker Data Breach

How many users were affected by the FlexBooker data breach?

The FlexBooker breach resulted in over 9.6 million records being exposed, impacting approximately 3.7 million unique accounts.

What type of information was leaked in the FlexBooker breach?

The exposed data included first and last names, full names, email addresses, phone numbers, addresses (including street, city, zip code, and country), and hashed passwords. Some records also contained partial credit card information.

What caused the FlexBooker data breach?

The breach was caused by attackers gaining access to a privileged account within FlexBooker’s AWS environment, which allowed them to steal sensitive user data.

When did the FlexBooker data breach occur?

The breach happened in December 2021, with unauthorized access detected later that month.

How can I check if I'm in the FlexBooker breach?

You can check if your information was part of the FlexBooker breach by utilizing the DeHashed search engine.