Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of Aer Lingus staff data stolen in ransomware attack
June 7, 2023
A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...
- At least 100,000 Nova Scotians affected by cyber theft of government employee files
June 6, 2023
Cyber-criminals made off with the personal and banking information of at least 100,000 Nova Scotians last week, before the Nova Scotia government secured a file transfer service that had been breached as part of a global attack on MOVEit. Nova Scotia’s Minister of Cyber Security and Digital Service Colton LeBlanc provided that number Tuesday as part ...
- Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward
June 5, 2023
Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...
- British Airways, Boots staff data compromised by payroll cyber hack
June 5, 2023
British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG, said it had notified affected employees and was providing them with support. Read more… Source: MSN News
- Capita cyber-attack: 90 organisations report data breaches
May 30, 2023
About 90 organisations have reported breaches of personal information held by Capita after the outsourcing group suffered a cyber-attack, Britain’s data watchdog has said. The company, which runs crucial services for local councils, the military and the NHS, experienced the hack, which caused a significant IT outage, in March. Read more… Source: The Guardian
- MCNA Dental data breach impacts 8.9 million people after ransomware attack
May 29, 2023
Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised. MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S. Read more… Source: Bleeping Computer