Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Yahoo offers new details on breaches to Senate committee
February 28, 2017
Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving the company’s cybersecurity posture. Employees have also received weekly security presentations from Yahoo CISO Bob Lord at the company’s all-hands meetings. The new working sessions and briefings are part of an ...
- Boeing Notifies 36,000 Employees Following Breach
February 27, 2017
A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. News of the breach surfaced earlier this month after a letter (.PDF) from Boeing’s Deputy Chief Privacy Officer Marie Olson, to the Attorney General for the state of Washington Bob ...
- How to Bury a Major Breach Notification
February 21, 2017
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the ...
- Why Cybersecurity Should Be The CFO’s Job
January 31, 2017
Cyber risk is a 21st century business reality and something that can’t be ignored. The sheer pervasiveness of these risks, matched with the evolution into far more complex attacks, means the C-Suite has to get serious about managing cybersecurity. I sat down with Steffan Tomlinson this month, CFO of Palo Alto Networks, who explains why ...
- Last Year’s Data Breaches Exposed 4.2 Billion Records, Most from America
January 26, 2017
The United States was the main target of hacker attacks last year, resulting in a record number of data breaches. According to a report from Risk Based Security, during 2016 there were 4,149 data breaches which resulted in the exposure of 4.2 billion records. Nearly half, or more specifically 47.5%, of the breaches that exposed user ...
- Yahoo Under SEC Investigation for Taking too Long to Reveal Data Breaches
January 23, 2017
Yahoo is in big trouble with US authorities due to how it handled the massive data breaches it disclosed last year, more specifically its failure to inform investors of the issues at an earlier time. The United States Securities and Exchange Commission (SEC) has launched an investigation, the Wall Street Journal reports, which is yet in ...