Geekzone: technology news, blogs, forums


davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#293221 6-Jan-2022 21:19

I’ve just received a domain search alert from haveibeenpwned for a specific address I use for Bunnings only.

Here’s a link to the site: https://haveibeenpwned.com/PwnedWebsites#FlexBooker





Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


Oblivian
7354 posts

Uber Geek
+1 received by user: 2123

ID Verified

  #2844674 6-Jan-2022 21:40

Looks like they may not be the last/only using that service too

SaaS pickup bookings for covid

“The pandemic gave us an opportunity to help in lots of new and unexpected spaces,” Ford said. “It opened up new markets in retail. We never anticipated having a retail footprint, yet one of our biggest customers is Bunnings Warehouse in Australia. Since they went into lockdown, a couple of hundred locations found us; we have no idea how. All their customers have to do is drive up and collect their purchases. They built us into their order flow. We make about 30,000 bookings a day through that one client alone. If you had told me a warehouse in Australia would be using our system, I would have said you were crazy.”



Stu
Hammered
8785 posts

Uber Geek
+1 received by user: 2426

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2844675 6-Jan-2022 21:47

Also received the email. Not sure if Bunnings use FlexBooker for payments, though? I'll have a better hunt tomorrow, but it may only be that they use FlexBooker for booking Click and Collect pickups (I think you only end up using FlexBooker once the staff have made up your order and you get notified to go and select a pickup time). At least, I hope that's all they use it for!




People often mistake me for an adult because of my age.

 

Keep calm, and carry on posting.

 


No matter where you go, there you are.


davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #2844677 6-Jan-2022 21:52

Stu: Also received the email. Not sure if Bunnings use FlexBooker for payments, though? I'll have a better hunt tomorrow, but it may only be that they use FlexBooker for booking Click and Collect pickups (I think you only end up using FlexBooker once the staff have made up your order and you get notified to go and select a pickup time). At least, I hope that's all they use it for!

Ahh ok. I had used click and collect once I think.









Lias
5662 posts

Uber Geek
+1 received by user: 3983

ID Verified
Trusted
Lifetime subscriber

  #2844687 6-Jan-2022 23:15

I also use a unique address for Bunnings. No notification (nor flag on manual check).

Last time I did a click and collect from Bunnings was June, so looks like this may be a relatively new system?





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.


Kraven
738 posts

Ultimate Geek
+1 received by user: 190


  #2844689 6-Jan-2022 23:25

I too received this and found a Bunnings Drive & Collect booking confirmation email and it does indeed originate from FlexBooker. Booking was in Sept 2021.


Senecio
2868 posts

Uber Geek
+1 received by user: 3189

ID Verified
Lifetime subscriber

  #2844723 7-Jan-2022 08:43

Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

 
 
 

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #2844731 7-Jan-2022 09:09

Senecio: Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

Good luck. I’m not actually sure how. I think maybe you have to perform a reset on it. If you figure it out, let me know.

EDIT: unless you can find something in the site for changing a password, the only method I’ve seen is a password reset. I’ve just done this for mine.







Jase2985
13755 posts

Uber Geek
+1 received by user: 6236

ID Verified
Lifetime subscriber

  #2844734 7-Jan-2022 09:17

Is it actually related to the Bunnings website and account info?

Doesn't Bunnings just pass your order off to FlexBooker so you can book your click and collect?


Oblivian
7354 posts

Uber Geek
+1 received by user: 2123

ID Verified

  #2844740 7-Jan-2022 09:35

Jase2985:

Is it actually related to the Bunnings website and account info?

Doesn't Bunnings just pass your order off to FlexBooker so you can book your click and collect?

See my quoted testimony. It isn't clear what is passed on. But likely just the scheduling minimal. Potentially even the source for all the mobile spam increase...

It's now on Reddit. With the Aussies raising it with privacy as their requirements mean the company has to disclose and advise customers asap or face penalties.

Senecio
2868 posts

Uber Geek
+1 received by user: 3189

ID Verified
Lifetime subscriber

  #2844762 7-Jan-2022 10:14

davidcole:

Senecio: Thank you for posting this. I too received the same alert but as I don’t use unique email addresses (yet!) I had no idea which online retailer was involved. Now at least I know to change my Bunnings password.

Good luck. I’m not actually sure how. I think maybe you have to perform a reset on it. If you figure it out, let me know.

EDIT: unless you can find something in the site for changing a password, the only method I’ve seen is a password reset. I’ve just done this for mine.

Yes, password reset was the only way. I've found that's not uncommon. Many websites don't provide the ability to update a password. You have to log out, click forgot password to get a reset.

 

 


freitasm
BDFL - Memuneh
80802 posts

Uber Geek
+1 received by user: 41402

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2844794 7-Jan-2022 11:48

FlexBooker discloses data breach, over 3.7 million accounts impacted (bleepingcomputer.com)

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.

The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.

Pre-holiday breaches

All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.

The latest data dump appears to be from FlexBooker, a popular tool for scheduling appointments and synchronizing employee calendar.

Among FlexBooker’s customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.

Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs.

According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver’s license photos.

The actor notes that some “juicy columns” in the database are names, emails, phone numbers, password salt, and hashed passwords.

 





davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #2844795 7-Jan-2022 11:53

Be interesting to know what information Bunnings has passed. I’d assume email and phone number. Maybe address details. If payment I’d be really pissed.







davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #2844851 7-Jan-2022 15:08

Hi. Received the following via PM. Edited to remove user's comments and just left the technical details.

We send the following information to FlexBooker, and only if the customer chooses to book a collection time slot by clicking a link in an email we send from our own platforms: customer name, customer email address, order number (Wxxxxxxxxx-x), collection store. Of course the date and time of the slot the customer chooses is also retained by FlexBooker.

https://a.flexbooker.com/reserve/bunnings?firstName=FIRSTNAME%20LASTNAME&order-number=Wxxxxxxxxx-x&email=EMAIL&locationId=STORE#calendar

We do not send any other information, including addresses, payment information or credit card details etc. to FlexBooker.

 





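The booking link quoted in the post above hands four fields to FlexBooker in its query string. As an added example (not part of the original post, and not Bunnings' or FlexBooker's code), this Python audit lists what such a hand-off link discloses to the third-party host, flags any parameter outside the documented four, and produces a copy that is safe to keep in logs. The sample values, the classification tables and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample that follows the URL pattern quoted in the post;
# every value is a placeholder, not real customer data.
SAMPLE_URL = (
    "https://a.flexbooker.com/reserve/bunnings"
    "?firstName=Jane%20Example&order-number=W000000000-0"
    "&email=jane%40example.com&locationId=0000#calendar"
)

# Assumption: how this audit classifies the four parameters named in the post.
PERSONAL = {"firstName": "customer name", "email": "customer email address"}
ORDER_DATA = {"order-number": "order number", "locationId": "collection store"}


def audit_handoff_url(url):
    """Return (third-party host, findings) for every query parameter in url."""
    parts = urlsplit(url)
    findings = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in PERSONAL:
            kind, label = "personal", PERSONAL[key]
        elif key in ORDER_DATA:
            kind, label = "order", ORDER_DATA[key]
        else:
            # Anything outside the documented list needs a privacy review.
            kind, label = "unreviewed", key
        findings.append({"param": key, "kind": kind, "label": label,
                         "has_value": bool(value)})
    return parts.hostname, findings


def redact_for_logs(url):
    """Mask personal values so the link can be kept in logs or tickets."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in PERSONAL else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    host, findings = audit_handoff_url(SAMPLE_URL)
    print("data shared with:", host)
    for f in findings:
        print(f"  {f['param']:<13} {f['kind']:<10} {f['label']}")
    print(redact_for_logs(SAMPLE_URL))
```
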


Oblivian
7354 posts

Uber Geek
+1 received by user: 2123

ID Verified

  #2844863 7-Jan-2022 15:25

Perhaps redact role/name? ;) Can't be too many. And passing that is making it kinda public

(A paraphrase may be better)

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #2844865 7-Jan-2022 15:32

Oblivian: Perhaps redact role/name? ;) Can't be too many. And passing that is making it kinda public

(A paraphrase may be better)

Yeah I was doing on phone so just copy pasted. I’ve gone and left just the technical details now, rather than any comment from the PM sender.




