Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Meta fined €265m over data protection breach that hit more than 500m users
November 28, 2022
Facebook’s owner has been fined €265m (£230m) by the Irish data watchdog after a breach that resulted in the details of more than 500 million users being published online. The Data Protection Commission (DPC) said Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were ...
- Ransomware gang targets Belgian municipality, hits police instead
November 26, 2022
The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more. This type of ...
- Australian Cyber Task Force Looks to “Hack the Hackers” After Data Breach Crime Wave
November 24, 2022
A recent string of data breaches has prompted rapid changes to Australia’s cybersecurity and data protection policies, and the latest development appears to be a cyber task force set to “hack back” and actively pursue what Minister for Home Affairs Clare O’Neil described as “scumbags.” Home Affairs is promising a new “tough on crime” policy toward ...
- Gambian Central Bank says ‘don’t panic’ after data hack
November 18, 2022
The Gambia’s Central Bank says there’s no need to panic after a data hack. Sources allege the hackers managed to access the bank’s most sensitive files, but in a statement the Central Bank said no mission-critical systems were compromised, and that normal operations have continued unabated. It did however say one server was affected, which was promptly ...
- Whoosh confirms data breach after hackers sell 7.2M user records
November 14, 2022
The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. Whoosh is Russia’s leading urban mobility service platform, operating in 40 cities with over 75,000 scooters. On Friday, a threat actor began selling the stolen data on a hacking ...
- Australia: Government considers making cyber ransom payments illegal after Medibank hack
November 13, 2022
It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers. The home affairs minister, Clare O’Neil, confirmed the government was examining whether new laws were needed to stop ransom payments in the wake of the Medibank and Optus data breaches. O’Neil said while short-term successes were needed in ...