"Hackers have claimed they have stolen sensitive customer credentials from Vercel's systems and are selling the data online. Vercel stated that the breach originated from another software maker, Context AI."
"The hackers used that connection (known as OAuth) to take over the Vercel employee's Google account and gain access to some of Vercel's internal systems, including credentials that were not encrypted."
"The threat actor selling the data claimed to be representing the ShinyHunters hacking group in their listing on a cybercriminal forum, although the group denied involvement in this incident."
Vercel confirmed a breach of its internal systems, resulting in the theft of customer data by hackers. The breach occurred when an employee downloaded an app from Context AI, allowing hackers to access Vercel's Google account and internal systems. Sensitive credentials were accessed, although Vercel's Next.js and Turbopack projects remained unaffected. Customers were notified about compromised data, and Vercel's CEO advised rotating non-sensitive keys. The identity of the hackers remains unclear, with claims of involvement from the ShinyHunters group, which denied participation in this incident.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]