Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware attacks on schools threaten student data nationwide
August 26, 2024
Imagine a criminal gaining unrestricted access to your child’s most private information — medical records, Social Security numbers and even details about their daily bus ride to school. This alarming scenario is becoming a reality for a growing number of families as sophisticated cybercriminals increasingly target schools across the United States, holding their computer systems ...
- Privacy group fights European Parliament over ‘massive’ HR data breach
August 22, 2024
The European Parliament’s headache over a major human resources data breach earlier this year just won’t fade. Austria-based digital rights group noyb on Thursday said it had filed two complaints against the European Union institution for infringing the bloc’s flagship privacy law, the General Data Protection Regulation (GDPR), over a data breach discovered before the ...
- FlightAware Customer Data Left Exposed for Over Three Years
August 21, 2024
Users of FlightAware, the world’s largest flight-tracking platform, are being prompted to change their login credentials following a reported “data security incident.” According to FlightAware, the breach may have leaked sensitive customer information. The problem was discovered on 25 July, but it’s possible that it’s been ongoing since January 2021. Company officials say they believe it ...
- Toyota confirms customer and employee data stolen, says breach at third party to blame
August 21, 2024
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...
- Hacked GPS tracker reveals location data of customers
August 19, 2024
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a ...
- How the ransomware attack at Change Healthcare went down: A timeline
August 17, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...