Thursday, February 3, 2022

The Flexbooker Data Breach | Cyber news


FlexBooker is a digital scheduling platform, or online appointment scheduling tool, that helps with booking appointments, syncing employee calendars, automatic time zone conversion, waitlists, and integration with video calling applications. Many tax, food and beverage, and manufacturing companies around the globe use FlexBooker within their organizations. It offers a smarter way to deal with business.

In January 2022, FlexBooker acknowledged and apologized for a data breach that occurred the previous December and involved the sensitive information of 3.7 million users, including full names, email addresses, phone numbers and appointment details. Some partial credit card data was also available, along with hashed password values.

The company said that the customer database was maintained at ZDNet on an Amazon server. FlexBooker had misconfigured the AWS account. That AWS server was compromised by a Distributed Denial of Service (DDoS) attack. However, within the next 12 hours FlexBooker restored its backup and was able to operate normally.

A hacker group known as “Uawrongteam” has claimed responsibility for this DDoS attack. During the incident, the system's data storage was accessed and downloaded. After downloading, the data was leaked on a dark web forum dedicated to trading hacked data. According to the hackers, the database contained around 10 million lines of customer information (demographic data).

Things to consider to keep organizational data safe:

  • Always use encryption for data at rest and in transit.
  • Organizations should review user access policies and user access lists at regular intervals.
  • Customers should use strong passwords and change them regularly.
  • Passwords should be protected.
  • Put an effective backup and recovery system in place as a high priority.
  • Protect your systems from unexpected power outages.
  • Use a firewall and antivirus to protect sensitive data.
  • Customers should be aware that they should not give out their personal data unless it is mandatory to provide it.
  • Human error cannot be ignored either, so continuously educating your workforce through training programmes is vital to protect the organization from data breaches.

So concern about privacy is important!! Never underestimate it.

-DR
