Australian Bunnings Customers Appear To Be Caught Up in FlexBooker Breach


Cloud-based scheduling platform FlexBooker suffered a large data breach recently that appears to have affected some 3.7 million people. While the casualty list is growing globally, Bunnings has become the latest known victim of the data breach, with reports indicating private customer data has been exposed.

FlexBooker sells an online scheduling tool that assists with setting up meetings, reservations, and appointments. It is understood Bunnings used this platform for help with its Drive & Collect service.

It is reported Bunnings customers were being told of the breach through well-known breach website Have I Been Pwned and not by Bunnings.

BleepingComputer reported  last week that FlexBooker’s unfortunate data situation was kicked off last month when a denial-of-service attack disrupted the company’s operations just days before Christmas. The amount of people affected is pinned at 3.7 million.

According to Have I Been Pwned, the compromised information includes names, phone numbers, email addresses, passwords, and, in some cases, partial credit card information.

As for the Bunnings impact, Crikey is reporting that its chief information officer Leah Balter confirmed that customers’ data could be included in the leak.

According to the report, Balter said the leak would only include customers’ full name and email address as Bunnings does not collect credit card numbers, phone numbers or passwords when using FlexBooker.

“As soon as we were made aware of the breach, we reached out to customers whose data may have been accessed,” Balter is quoted as saying. “We’re continuing to work with the third-party provider to further understand the details of how this breach occurred, and the processes being put in place to correct it.”

BleepingComputer had also reported that the stolen information was being thrown around on a number of criminal dark web forums. The self-proclaimed perpetrator of the attacks — a group going by the name of “Uawrongteam” — has been sharing links to archived information that is allegedly sourced from the breach.

We’ve reached out to Bunnings for further information and will update this story if we learn more.


Please enter your comment!
Please enter your name here