Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data.
Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Sellafield nuclear site hacked by groups linked to Russia and China
December 4, 2023
The UK’s most hazardous nuclear site, Sellafield, has been hacked into by cyber groups closely linked to Russia and China, the Guardian can reveal. The astonishing disclosure and its potential effects have been consistently covered up by senior staff at the vast nuclear waste and decommissioning site, the investigation has found. The Guardian has discovered that ...
- New Relic’s cyber-something revealed as attack on staging systems, some users
December 4, 2023
Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.… One front was the vendor’s staging systems, which it has admitted were compromised in mid-November after an “unauthorized actor used stolen credentials and social engineering in connection with a New ...
- Japan space agency server likely hit by unauthorized access attack
November 29, 2023
Japan’s space agency was likely hit by an unauthorized access attack to a network server, the government said Wednesday, adding the incident did not involve sensitive information pertaining to rockets or satellites. Sources close to the matter said the Japan Aerospace Exploration Agency was not aware that the breach may have occurred sometime during the summer ...
- Medical test company’s ‘serious and systemic failures’ led to cyber-attack, watchdog says
November 29, 2023
Medical testing company Australian Clinical Labs had “serious and systemic failures” that resulted in a cyber-attack that led to more than 200,000 customer health records and credit card details being published on the dark web, the Australian information commissioner has alleged. In October last year, in the midst of the Medibank and Optus cyber-attacks, Medlab’s parent ...
- Hacker claims to have hit General Electric and stolen company data
November 27, 2023
A hacker with the alias IntelBroker claims to have breached General Electric and stolen plenty of sensitive data from the company’s systems. The company operates in different fields, including aerospace, renewable energy, power, venture capital, and more. The hacker posted a new thread on an underground forum, selling access to the company’s “development and software pipelines” ...
- Gulf Air hit with data breach, customer data possibly affected
November 27, 2023
Gulf Air, the national air carrier for the Kingdom of Bahrain, has confirmed suffering a data breach which most likely resulted in hackers stealing sensitive customer information. The company confirmed the news via a press release shared with local media highlighting a “data breach incident” on November 24, possibly resulting in the compromise of “some information ...