Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ireland: Loss of papers and devices among the Department of Justice’s 482 data breaches
December 15, 2024
The Department of Justice has recorded more than 480 data breaches over the past three years, including the loss of sensitive papers, encrypted devices, and unauthorised access to social media. The breaches occurred across the department including key areas such as international protection, the response to the Ukraine refugee crisis, and in citizenship applications. A log ...
- Cyber attack may affect personal information of thousands of Rhode Islanders
December 13, 2024
A massive cyberattack could impact the personal information of hundreds of thousands of Rhode Islanders after hackers targeted a state contractor that stores health and personal data. Governor Dan McKee announced that the personal information of thousands was compromised in a cybersecurity attack. Anyone who has ever received or applied for health coverage or human service ...
- “Termite” ransomware group claims responsibility for the Blue Yonder attack
December 9, 2024
On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...
- Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs
December 7, 2024
The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...
- Equifax breach: Check for exposed data, get $125
December 6, 2024
Following a data breach exposing the social security numbers of millions, the credit bureau at fault will also spend millions to pay back those affected. Equifax, one of the three major credit reporting agencies, reached a $700 million settlement with the Federal Trade Commission after they exposed the information of around 147 million people. Over 1.1 ...
- 63% of companies plan to pass data breach costs to customers
December 4, 2024
The rising practice of shaking down customers to pay for security shortfalls could have a silver lining for CISOs, as diluted price competitiveness could convince top brass of the ROI of cybersecurity investments. Consumers may be more on the hook for paying for the rising costs of data breaches than they realize, as companies increasingly turn ...