Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Personal data of 16 million Brazilian COVID-19 patients exposed online
November 26, 2020
The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data ...
- Ransomware hits largest US fertility network, patient data stolen
November 26, 2020
US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its ...
- Belden networking giant’s company data stolen in cyberattack
November 25, 2020
Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. Read more… Source: Bleeping Computer
- GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers
November 4, 2020
A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of cannabis growing enthusiasts from around the world, where they can share tips, tricks and pictures of their progress. On Oct. 10, researcher Volodymyr ...
- Marriott fined £18.4 million by UK watchdog over customer data breach
November 2, 2020
The Information Commissioner’s Office (ICO) has fined Marriott £18.4 million over a 2014 data breach, heavily reducing the penalty originally planned due to COVID-19 disruption. The Marriot hotel group was subject to a 2014 data breach impacting the Starwood resort chain, acquired by Marriott in 2015. At the time, threat actors were able to infiltrate Starwood systems ...
- Lazada confirms 1.1M accounts compromised in RedMart security breach
October 30, 2020
Singapore-based online grocery platform RedMart has suffered a data breach that compromised personal data of 1.1 million accounts. An individual has claimed to be in possession of the database involved in the breach, which contains various personal information such as mailing addresses, encrypted passwords, and partial credit card numbers. RedMart customers on Friday were logged out ...