Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 23andMe blames “negligent” breach victims, says it’s their own fault
January 4, 2024
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...
- Orange suffers cyber attack affecting clients’ internet access in Spain
January 3, 2024
The Spanish unit of telecoms provider Orange on Wednesday suffered a cyber attack that affected an undisclosed number of clients who could not access certain websites, a company spokesperson said. The unauthorized access to Orange’s IP network coordination centre has been mostly solved and was neutralized by Orange, the second largest telecoms provider in Spain, the ...
- Australia: Cyber attack on Victoria’s court system may have exposed recordings of sensitive cases
January 1, 2024
Victoria’s court system has been hit by a ransomware attack, which an independent expert believes was orchestrated by Russian hackers. A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the court system’s audio-visual archive. That would mean recordings of hearings including witness testimony from highly sensitive cases may have been accessed or ...
- Mint Mobile reveals another major data breach
December 29, 2023
American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...
- 2023’s badly handled data breaches
December 29, 2023
Last year, researchers compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this year, many organizations continue to make ...
- EasyPark data breach may affect millions of customers
December 29, 2023
EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10 2023. Read more… Source: Yahoo News