Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US chemical distributor shares info on DarkSide ransomware data theft
July 3, 2021
World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division. Brenntag is the second largest in sales for North America, according to the ICIS report on the Top 100 Chemical Distributors worldwide. The ...
- Mercedes-Benz data breach exposes SSNs, credit card numbers
June 25, 2021
Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz ...
- Tulsa warns of data breach after Conti ransomware leaks police citations
June 23, 2021
The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online. In early May, Tulsa suffered a ransomware attack that led to the City shutting down its network to prevent the spread of the malware. The attack disrupted Tulsa’s online bill payment systems, utility ...
- Carnival Cruise Cyber-Torpedoed by Cyberattack
June 18, 2021
Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew. Carnival has quite the armada: Its cruise brands include Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises ...
- Billions of records belonging to CVS Health exposed online
June 16, 2021
In another example of misconfigured cloud services impacting security, billions of records belonging to CVS Health have been exposed online. On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protection and had no form of authentication in place to prevent unauthorized entry. Upon ...
- Audi, Volkswagen data breach affects 3.3 million customers
June 12, 2021
Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. Read more… Source: ...