Vercel Confirms Security Breach, Customer Credentials Compromised
Attack originated from compromised AI tool Context.ai, with hacker group ShinyHunters claiming to sell data for $2 million
نظرة سريعة
- Vercel has confirmed a security breach where a limited subset of customer credentials were compromised after attackers breached an AI tool called Context.ai used by a Vercel employee.
- The compromise allowed access to the employee's Google Workspace account and subsequently to some internal Vercel systems.
- Hacker group ShinyHunters posted on BreachForums claiming to sell access keys, source code, and database information for $2 million.
ملخص مُنشأ بالذكاء الاصطناعي
لماذا يهم
Vercel is a popular cloud hosting provider among crypto projects and web developers. The breach highlights the growing risk of supply chain attacks targeting third-party tools used by employees to gain access to larger targets.
Vercel, a cloud hosting provider popular among crypto projects, has confirmed that it suffered a security breach that allowed hackers to make off with a “limited” subset of customer credentials. Vercel said in a blog post on Sunday that it “identified a security incident that involved unauthorized access to certain internal Vercel systems” and was investigating the breach. “Initially we identified a limited subset of customers whose Vercel credentials were compromised,” it added. “We reached out to that subset and recommended an immediate rotation of credentials.” Vercel’s confirmation came after multiple X users reported that a post on the hacking forum BreachForums by a user called “ShinyHunters” claimed to be offering Vercel’s data in exchange for $2 million. The poster claimed to have access keys, source code, database information and employee accounts with access to internal deployments, which they said could be used for a “global supply chain attack.” Vercel did not address the post’s claims, but said the attacker was “highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems.” Third-party AI tool compromised to carry out hack Vercel CEO Guillermo Rauch said on Sunday that the attack originated after a Vercel employee was compromised via a breach of an artificial intelligence tool they used called Context.ai. The attacker was then able to compromise the Vercel employee’s Google Workspace account, allowing them access to some of Vercel’s internal systems. Rauch said the company stores customer environments with full encryption, but it has the capability to designate variables as “non-sensitive,” and the attacker “got further access through their enumeration.” Related: Aave's TVL tanks $8B a day after $293M Kelp DAO hack “We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,” he added. “They moved with surprising velocity and in-depth understanding of Vercel.” Rauch said that Vercel had “deployed extensive protection measures and monitoring” and it had analyzed its supply chain to ensure “Next.js, Turbopack, and our many open source projects remain safe for our community.” “My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature,” he added.
ما الذي يجب مراقبته
توقعات الذكاء الاصطناعي — احتمالات وليست حقائق
Vercel will implement stricter security requirements for third-party tool access
مرجح · خلال أسابيع
More companies will audit their third-party AI tool security following this incident
مرجح · خلال أشهر
أسئلة مفتوحة
- How many customer credentials were exactly compromised?
- Was any customer data actually exfiltrated?
- What specific internal systems were accessed?
- Did the attackers access any customer production environments?
