Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Northern Ireland: No disciplinary action over multimillion-pound PSNI data breach
April 11, 2024
Jon Boutcher said the error that is set to cost hundreds of millions of pounds was due to a systems failure, as he insisted he not would preside over a “blame culture” within the PSNI. In August last year the details of almost 9,500 PSNI officers and staff were mistakenly published in response to a Freedom ...
- Government Consulting Firm GMA Reports a Massive Data Breach That Revealed 341,650 Social Security Numbers
April 10, 2024
In the ever-evolving digital landscape, where data breaches seem to be more of a certainty than a possibility, the recent revelation by Greylock McKinnon Associates (GMA) marks a significant moment of concern for privacy advocates, cybersecurity professionals, and individuals alike. The breach, exposing a staggering 341,650 Social Security numbers, has cast a spotlight on the urgent ...
- NHS board warns patients of further data leak after cyber attack
April 9, 2024
An NHS board has warned patients that further personal information could be leaked by cyber criminals who stole medical data in a major cyber attack. A large amount of confidential data was taken from NHS Dumfries and Galloway during a sustained hacking attack. Last week, INC Ransom, an extortion operation, posted a message on its dark ...
- UK: Warning to ‘stay on guard’ after Leicester council cyber-attack
April 5, 2024
People have been told to “stay on their guard” after a cyber-attack on Leicester City Council. Police were alerted after the authority was forced to disable its phone and computer systems on 7 March. While about 25 documents have been posted by the apparent attackers, they claim to have a much larger number. Read more… Source:,BBC News
- OWASP Foundation reveals data breach following Wiki web server issue
April 2, 2024
The Open Worldwide Application Security Project (OWASP) suffered a data breach in late February 2024 resulting in the exposure of sensitive data belonging to some of its members. In an announcement published on the OWASP website, Executive Director Andrew van der Stock confirmed the breach and explained that it happened due to a misconfiguration of an ...
- Prudential Financial February incident exposed data of nearly 37K customers
April 2, 2024
Prudential Financial disclosed that 36,545 individuals had personal information stolen in an early February breach that was claimed by ALPHV/BlackCat, the group also responsible for the Change Healthcare ransomware attack. In a letter to consumers March 29, the large insurance company said the stolen personal data includes names, addresses, driver’s license numbers, and non-driver identification card ...