Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Estonia: At least one case of extortion reported following Asper Biogene data leak
December 25, 2023
Investigations into the Asper Biogene data leak that came to light last week are ongoing, and there is already at least one known case of an attempt to extort money from an individual in connection with the data leak. When the data theft case came to light, police warned that the situation could be exploited by ...
- Ubisoft apparently stopped a 900GB data breach
December 24, 2023
Just days after Insomniac suffered a horrible data breach, Ubisoft may have avoided the same fate. Security collective VX-Underground shared a report on X that, on Dec. 20, an “unknown Threat Actor” got access to Ubisoft’s internal tools, sharing screenshots online. They allegedly intended to get 900GB worth of data from the French game publisher behind ...
- Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors
December 22, 2023
At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...
- Cyberattack forces First American to take some IT systems offline
December 22, 2023
First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...
- Lapsus$: GTA 6 hacker handed indefinite hospital order
December 22, 2023
An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m. The judge ...
- Here’s Why You’ll Hear About a Lot More Data Breaches in 2024
December 20, 2023
Cybersecurity incidents are constantly in the news these days, but you’ll soon be hearing about a lot more of them. That’s because a new rule from the Securities and Exchange Commission went into effect on Monday, requiring all public companies to report data breaches in just four days. The new SEC rule requires public companies to ...