Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Suffolk County starting to restore online services amid months-long cyberattack
February 18, 2023
Suffolk County has been suffering through a massive cyberattack for months, but progress has been made to restore security. Social security numbers of 26,000 county employees and drivers license numbers of 470,000 were exposed or accessed. Read more… Source: MSN News
- Pepsi Bottling Ventures says info-stealing malware swiped sensitive data
February 14, 2023
Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures – America’s largest manufacturer and distributor of Pepsi-Cola beverages – didn’t discover the unauthorized activity until ...
- Play Ransomware lists A10 Networks on its leak site
February 11, 2023
The Play ransomware group listed networking firm A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. BetterCyber notes that the leak site claims the group has “private and personal confidential data, a lot of technical documentation, agreements, employee and client documents.” Read more… Source: GovInfoSecurity
- Ransomware crooks steal 3m+ patients’ medical records, personal info
February 11, 2023
Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December. According to the Southern California health-care organizations, which include Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, ...
- SNP MP Stewart McDonald’s emails hacked by Russian group
February 8, 2023
An MP has told the BBC his emails have been stolen and he fears they will be made public. The SNP’s Stewart McDonald said the hack took place in January and he wanted to pre-empt any publication sharing them. Read more… Source: BBC News
- Researcher breaches Toyota supplier portal with info on 14,000 partners
February 7, 2023
Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain. Read more… Source: Bleeping Computer