Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data of 3 billion people exposed in one of the largest data breaches in history
August 11, 2024
The personal data of over 2.9 billion people has been exposed in what could be one of the largest data breaches in history. The data breach affected Jerico Pictures Inc., better known as National Public Data (NPD,) which is a background check company that allows its customers to search billions of records with instant results. According ...
- Cash App to award $15M to users in security breach settlement
August 11, 2024
Cash App users could get some cash sent to their bank accounts soon. In a settlement, the mobile payment service was ordered to pay out $15 million in damages. According to a class-action lawsuit obtained by USA TODAY, plaintiffs sued Cash App Investing and Block Inc. for the companies’ “failure to exercise reasonable care in securing ...
- Security company ADT announces security breach of customer data
August 9, 2024
Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” ADT filed the 8-K on August 7, adding that the incident happened “recently,” but refraining from providing an exact date. The company ...
- Zimbabwe: Disclosure of cyber attacks must be mandatory to protect clients
August 9, 2024
In the wake of the recent high-profile cyber attack on one of the country’s largest financial institutions, it has become clear that stronger regulations are needed to ensure financial firms disclose when their systems have been breached. The hack resulted in the theft and public leaking of sensitive customer and operational data, putting thousands of Zimbabweans ...
- Advanced fined £6m over stolen patient data in 2022 cyber attack
August 7, 2024
The Information Commissioner’s Office (ICO) has imposed a £6.09 million fine on software provider Advanced following an initial finding that it failed to implement measures to protect the personal information of almost 83,000 people. A number of health and care systems delivered by Advanced first experienced major outages on 4 August 2022, disrupting several critical services ...
- Kadokawa confirms data leak of 254,000 people due to cyberattack
August 6, 2024
Japanese publisher Kadokawa has confirmed a data leak affecting 254,241 people due to a cyberattack. The finding, announced Monday, is based on an investigation by third-party experts. Of the leaked data, information of 186,269 people was related to Kadokawa Dwango Educational Institute, including N High School, a correspondence school. Kadokawa reported the investigation results to the ...