Geekzone: technology news, blogs, forums
davidcole

#293221 6-Jan-2022 21:19

I’ve just received a domain search alert from haveibeenpwned for a specific address I use for Bunnings only.

 

 

 

Here’s a link to the site https://haveibeenpwned.com/PwnedWebsites#FlexBooker 





Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Windows 10
Host Plex Server 3x3TB, 4x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 2xUbuntu 20.04 LTS, Backblaze Backups, 


Oblivian
#2844674 6-Jan-2022 21:40

Looks like they may not be the last/only using that service too

SaaS pickup bookings for COVID

“The pandemic gave us an opportunity to help in lots of new and unexpected spaces,” Ford said. “It opened up new markets in retail. We never anticipated having a retail footprint, yet one of our biggest customers is Bunnings Warehouse in Australia. Since they went into lockdown, a couple of hundred locations found us; we have no idea how. All their customers have to do is drive up and collect their purchases. They built us into their order flow. We make about 30,000 bookings a day through that one client alone. If you had told me a warehouse in Australia would be using our system, I would have said you were crazy.”


Stu

#2844675 6-Jan-2022 21:47

Also received the email. Not sure if Bunnings use FlexBooker for payments, though? I'll have a better hunt tomorrow, but it may only be that they use FlexBooker for booking Click and Collect pickups (I think you only end up using FlexBooker once the staff have made up your order and you get notified to go and select a pickup time). At least, I hope that's all they use it for!




It’s not that I’m agoraphobic, it’s just not safe to go out anymore.

 

Keep calm, and carry on posting.

 


 

 


davidcole

#2844677 6-Jan-2022 21:52

Stu: Also received the email. Not sure if Bunnings use FlexBooker for payments, though? I'll have a better hunt tomorrow, but it may only be that they use FlexBooker for booking Click and Collect pickups (I think you only end up using FlexBooker once the staff have made up your order and you get notified to go and select a pickup time). At least, I hope that's all they use it for!

 

 

 

ahh ok.  I had used click and collect once I think. 









Lias
#2844687 6-Jan-2022 23:15

I also use a unique address for Bunnings. No notification (nor flag on manual check).

 

Last time I did a click and collect from Bunnings was June, so looks like this may be a relatively new system?

 

 





I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.


Kraven
#2844689 6-Jan-2022 23:25

I too received this and found a Bunnings Drive & Collect booking confirmation email and it does indeed originate from FlexBooker. Booking was in Sept 2021.


Senecio
#2844723 7-Jan-2022 08:43

Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

davidcole

#2844731 7-Jan-2022 09:09

Senecio: Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

 

 

 

Good luck. I’m not actually sure how. I think maybe you have to perform a reset on it. If you figure it out, let me know.

EDIT: Unless you can find something in the site for changing a password, the only method I’ve seen is a password reset. I’ve just done this for mine.









Jase2985

#2844734 7-Jan-2022 09:17

Is it actually related to the Bunnings website and account info?

Doesn't Bunnings just pass your order off to FlexBooker so you can book your click and collect?


Oblivian
#2844740 7-Jan-2022 09:35

Jase2985:

Is it actually related to the Bunnings website and account info?

Doesn't Bunnings just pass your order off to FlexBooker so you can book your click and collect?



See my quoted testimony. It isn't clear what is passed on. But likely just the scheduling minimal. Potentially even the source for all the mobile spam increase...

It's now on Reddit. With the Aussies raising it with privacy as their requirements mean the company has to disclose and advise customers asap or face penalties.

Senecio
#2844762 7-Jan-2022 10:14

davidcole:

Senecio: Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

Good luck. I’m not actually sure how. I think maybe you have to perform a reset on it. If you figure it out, let me know.

EDIT: Unless you can find something in the site for changing a password, the only method I’ve seen is a password reset. I’ve just done this for mine.


Yes, password reset was the only way. I've found that's not uncommon. Many websites don't provide the ability to update a password. You have to log out and click forgot password to get a reset.

 

 


freitasm
#2844794 7-Jan-2022 11:48

FlexBooker discloses data breach, over 3.7 million accounts impacted (bleepingcomputer.com)

 

 

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.

 

The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.

 

Pre-holiday breaches
All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.

 

The latest data dump appears to be from FlexBooker, a popular tool for scheduling appointments and synchronizing employee calendar.

 

Among FlexBooker’s customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.

 

Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs.

 

According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver’s license photos.

 

The actor notes that some “juicy columns” in the database are names, emails, phone numbers, password salt, and hashed passwords.

 






 

 

 

 

 

 


davidcole

#2844795 7-Jan-2022 11:53

Be interesting to know what information Bunnings has passed. I’d assume email and phone number. Maybe address details. If payment I’d be really pissed.







davidcole

#2844851 7-Jan-2022 15:08

Hi. Received the following via PM. Edited to remove user's comments and just left the technical details.

 

 

 

 

We send the following information to FlexBooker, and only if the customer chooses to book a collection time slot by clicking a link in an email we send from our own platforms: customer name, customer email address, order number (Wxxxxxxxxx-x), collection store. Of course the date and time of the slot the customer chooses is also retained by FlexBooker.

 

https://a.flexbooker.com/reserve/bunnings?firstName=FIRSTNAME%20LASTNAME&order-number=Wxxxxxxxxx-x&email=EMAIL&locationId=STORE#calendar

 

We do not send any other information, including addresses, payment information or credit card details etc to FlexBooker.

 





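The handoff link quoted in the post above can be checked mechanically against the four fields the message says are shared. The Python below is an added example, not code from Bunnings, FlexBooker or any poster in this thread; the `PERSONAL` set, the function name `audit_handoff` and the second URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameters visible in the handoff URL quoted in the post, mapped to
# the four fields the quoted message says are sent to FlexBooker.
DECLARED = {
    "firstName": "customer name",
    "email": "customer email address",
    "order-number": "order number",
    "locationId": "collection store",
}
PERSONAL = {"firstName", "email"}   # assumption: fields treated as personal data
EXPECTED_HOST = "a.flexbooker.com"  # host taken from the quoted URL

# The URL template exactly as quoted in the post (placeholders, not real data).
PAGE_URL = ("https://a.flexbooker.com/reserve/bunnings?firstName=FIRSTNAME%20LASTNAME"
            "&order-number=Wxxxxxxxxx-x&email=EMAIL&locationId=STORE#calendar")
# Constructed counter-example: same link with an extra, undeclared parameter.
CONSTRUCTED_URL = PAGE_URL.replace("#calendar", "&phone=PHONE#calendar")


def audit_handoff(url):
    """Compare the parameters in one handoff link with the declared fields."""
    parts = urlsplit(url)
    names = [n for n, _ in parse_qsl(parts.query, keep_blank_values=True)]
    findings = []
    if parts.scheme != "https":
        findings.append("link is not HTTPS")
    if parts.hostname != EXPECTED_HOST:
        findings.append(f"unexpected host: {parts.hostname}")
    # Anything in the query string beyond the declared fields is a finding.
    findings += [f"undeclared parameter: {n}" for n in names if n not in DECLARED]
    return {
        "shared": [DECLARED[n] for n in names if n in DECLARED],
        "personal": sorted(n for n in names if n in PERSONAL),
        "findings": findings,
    }


if __name__ == "__main__":
    for label, url in (("page", PAGE_URL), ("constructed", CONSTRUCTED_URL)):
        print(label, audit_handoff(url))
```
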


Oblivian
#2844863 7-Jan-2022 15:25

Perhaps redact role/name? ;) Can't be too many. And passing that is making it kinda public

(A paraphrase may be better)

davidcole

#2844865 7-Jan-2022 15:32

Oblivian: Perhaps redact role/name? ;) Can't be too many. And passing that is making it kinda public

(A paraphrase may be better)

 

 

 

Yeah, I was doing on phone so just copy pasted. I’ve gone and left just the technical details now, rather than any comment from the PM sender.






