Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Amazon is still hosting spyware victims’ data weeks after breach alert
March 13, 2025
Amazon will not say if it plans to take action against three phone surveillance apps that are storing troves of individuals’ private phone data on Amazon’s cloud servers, despite TechCrunch notifying the tech giant weeks earlier that it was hosting the stolen phone data. Amazon told TechCrunch it was “following process” after our February notice, ...
- Bank Of America Alerts Customers To Data Breach, Offers Identity Theft Protection For Affected Accounts
March 11, 2025
The Bank of America has alerted a small group of its customers about a data breach that may have exposed confidential information. The breach, which took place on December 30, was a result of improper handling of confidential documents by a third-party document destruction service provider. The breach could have potentially exposed sensitive data, including personal ...
- Hacker accessed PowerSchool’s network months before massive December breach
March 10, 2025
A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network ...
- Allstate sued for not reporting data breach of 165,000 New Yorkers
March 10, 2025
New York state sued Allstate on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and not developing reasonable safeguards to protect policyholders’ private information. The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan, and seeks civil fines. ...
- Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations
March 10, 2025
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals. The Tokyo-based NTT Com, which provides phone and network tech to enterprises, said it discovered the data breach on February 5 after determining that the hackers had ...
- UK: Healthcare staff illegally accessed medical records belonging to the Nottingham attack victims
March 6, 2025
The families of the Nottingham attack victims have said claims healthcare staff illegally accessed medical records belonging to their loved ones are “sickening” and “inexcusable”. Barnaby Webber and Grace O’Malley-Kumar, both 19, and Ian Coates, 65, were stabbed to death by Valdo Calocane in the city in June 2023. Dr Manjeet Shehmar, medical director at Nottingham ...