Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Facebook data breach settlement payments are starting to roll out
September 13, 2025
If you used Facebook at any time during a 15-year period, keep an eye on your bank account. Settlement payments related to the several-years-old Cambridge Analytica data breach scandal are starting to roll out this month, per CBS News. A court filing cited by CBS News says the average payment amount will come out to around ...
- Israel: Dozens of actors fall victim to Iranian phishing attack
September 12, 2025
Dozens of Israeli actors have fallen victim to a phishing attack believed to originate from Iranian sources. According to a statement from the National Cyber Directorate, the actors were asked to submit filmed auditions and sensitive personal information—including photos of ID cards and passports—after receiving emails posing as a casting call for a new film by ...
- South Korea’s KT admits data breach
September 11, 2025
KT Corp has become the second South Korean mobile operator this year to report a cybersecurity breach to the country’s data protection authorities, with the operator confirming on Thursday that 5,561 customers may have had their subscriber data stolen by hackers. While the reported breach is nowhere near the magnitude of SK Telecom’s disastrous data breach, ...
- All Plex users should reset passwords in wake of data breach
September 10, 2025
Popular media server and streaming platform, Plex, warned its users about losing their sensitive data in a cyberattack, and urged them to update their passwords as a result. In a forum post published on September 8, Plex said it recently experienced a security incident with “limited impact”, when an unauthorized third party accessed a subset of ...
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack
September 3, 2025
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach. It all began with the sales ...