ShellCodeX Breach Report
FlexBooker Data Breach
flexbooker.com
Verified breach
Passwords exposed
Accounts exposed
3,756,794
Breach date
23 Dec 2021
Added to tracker
06 Jan 2022
Data classes
5
What happened
In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum.
Exposed data
Email addresses
Names
Partial credit card data
Passwords
Phone numbers
Recommended actions
- Change your FlexBooker password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing FlexBooker — attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP