Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Signal says messages circulating about app’s hacking false
March 1, 2022
Instant messaging app Signal said on Monday rumors circulating on several apps that its messaging platform has been “compromised and hacked” is false. Signal said in a tweet that it saw an uptick in usage in Eastern Europe and the rumor messages were often attributed to official government sources that read “attacks on Signal platform.” Read more… Source: ...
- Quarter of a million lawyer disciplinary records leak
February 28, 2022
Approximately 260,000 nonpublic disciplinary records stored on behalf of The State Bar of California were found to be exposed to the public and to have been republished on Judyrecords.com, a website that aggregates over 630 million public court records. The sensitive records exposed include the case number, filing date, case type, case status, and respondent and ...
- Ransomware groups and hacktivist collective are getting involved in the military conflict between Ukraine and Russia
February 25, 2022
Multiple ransomware groups and members of the hacktivist collective Anonymous announced this week that they are getting involved in the military conflict between Ukraine and Russia. On Thursday, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government. The hacktivists defaced some local government websites in Russia and temporarily took ...
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
February 16, 2022
From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of ...
- Red Cross: State hackers breached our network using Zoho bug
February 16, 2022
The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. During the incident, the attackers gained access to the personal information (names, locations, and contact information) of over 515,000 people in the “Restoring Family Links” program ...
- Croatian phone carrier data breach impacts 200,000 clients
February 11, 2022
Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...