ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

FlexBooker Data Breach

flexbooker.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 3,756,794
Breach date 23 Dec 2021
Added to tracker 06 Jan 2022
Data classes 5

What happened

In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum.

Exposed data

Email addresses Names Partial credit card data Passwords Phone numbers

Recommended actions

  • Change your FlexBooker password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing FlexBooker — attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP