Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FCA urges Capita clients to ascertain if data was compromised in cyber-attack
May 3, 2023
The City regulator has contacted Capita’s corporate clients urging them to ascertain whether their customers’ data has been compromised after a cyber-attack on the outsourcer in March. The Financial Conduct Authority said it had written to firms it regulates and which outsource work to Capita to ensure they are “fully engaged” in assessing the fallout from ...
- T-Mobile discloses second data breach since the start of 2023
May 1, 2023
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount ...
- Cyber-attack sparks fears that criminals could target UK gun owners for firearms
April 29, 2023
Police are investigating a cyber-attack involving potentially thousands of British gun owners, raising concerns that organised criminals may target them for firearms. The National Crime Agency (NCA) is assessing the level of risk after the National Smallbore Rifle Association (NSRA) confirmed that data belonging to some of its members had been “compromised”. Read more… Source: The Guardian
- Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data
April 18, 2023
Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), said it hasn’t ...
- Latitude Financial refuses to pay cyber-attack ransom demands
April 11, 2023
Finance company Latitude Financial says it will not give in to ransom demands by cyber criminals behind one of Australia’s largest cyber-attacks. Almost 8 million driver’s licenses of Australian and New Zealand customers have been stolen including more than 6 million customer records. Read more… Source: MSN News
- UK criminal records office suffers two-month “cyber security incident”
April 5, 2023
The UK’s national office for managing criminal record information (ACRO) has confirmed it’s currently trying to recover from a two-month “cyber security incident”. Few details were revealed by the organisation and other authorities, other than that the attack took place between 17 January and 21 March 2023. Read more… Source: IT Pro