Web infrastructure company Vercel has revealed a security incident that allowed unauthorized access to specific internal systems. This breach originated from a compromise of Context.ai, an artificial intelligence tool utilized by a Vercel employee.
Details of the Breach
The attacker exploited this access to infiltrate the employee’s Vercel Google Workspace account, gaining entry to various Vercel environments and environment variables that were not classified as ‘sensitive.’ According to Vercel’s statement, sensitive environment variables are encrypted, preventing unauthorized reading, with no current evidence indicating these were accessed.
Vercel characterized the threat actor as ‘sophisticated,’ citing their rapid operations and in-depth understanding of Vercel’s systems. The company is collaborating with Google-owned Mandiant, other cybersecurity firms, and law enforcement, alongside engaging with Context.ai to fully assess the breach’s extent.
Impact on Customers
A limited segment of Vercel’s customers had their credentials compromised. Vercel has contacted these customers directly, advising immediate credential rotation. The investigation into the exfiltrated data continues, with plans to notify customers if further evidence of compromise arises.
In addition, Vercel is recommending that Google Workspace administrators and account owners verify the appearance of the following OAuth application ID: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
Response and Future Measures
While specifics about compromised systems, the number of affected customers, and the attacker’s identity remain undisclosed, an individual using the ShinyHunters alias has claimed responsibility, offering the stolen data for $2 million.
Vercel CEO Guillermo Rauch assured the deployment of comprehensive protection measures and monitoring. The company has reviewed its supply chain to secure platforms like Next.js and Turbopack, ensuring community safety. Enhancements to the dashboard, such as an overview of environment variables and improved sensitive variable management interface, have also been introduced to bolster customer security.
The incident underscores the need for constant vigilance and advanced security protocols to protect against sophisticated cyber threats, with Vercel taking steps to strengthen its defenses and customer safety.
