A security incident occurred where attackers exploited 7shifts' application logic to distribute phishing scams (e.g., Geek Squad, Norton AV) via legitimate, authenticated scheduling emails. Bad actors created free trial accounts, injected malicious payloads into unvalidated User Name and Location fields, and published schedules to Microsoft 365 routing aliases that automatically forwarded the notifications to external victims