Vercel Acknowledges Security Breach Affecting 'Restricted' Set of Customer Data

The cloud hosting company Vercel has acknowledged experiencing a security incident following reports that hackers listed the firm's stolen data on an underground forum with a $2 million price tag.

Cloud hosting company Vercel, which counts numerous cryptocurrency projects among its clientele, has acknowledged experiencing a cybersecurity incident that resulted in unauthorized parties obtaining a "limited" portion of customer authentication credentials.

In a blog post published on Sunday, Vercel stated that the company "identified a security incident that involved unauthorized access to certain internal Vercel systems" and has launched an investigation into the intrusion.

"Initially we identified a limited subset of customers whose Vercel credentials were compromised," the company stated. "We reached out to that subset and recommended an immediate rotation of credentials."

The company's acknowledgment followed numerous reports from X platform users who noted that a listing appeared on the cybercrime forum BreachForums by an account named "ShinyHunters" purporting to sell Vercel's compromised information for $2 million.

According to the forum posting, the threat actor claimed possession of access keys, proprietary source code, database credentials and employee account information with privileges to internal deployments, which the seller suggested could enable a "global supply chain attack."

[Image: BreachForums post claiming Vercel data for sale. Source: Shirish Arya]

While Vercel refrained from directly commenting on the specific assertions made in the forum post, the company characterized the perpetrator as "highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems."

Third-party AI tool compromised to carry out hack

On Sunday, Vercel's Chief Executive Officer Guillermo Rauch disclosed that the security incident began when a Vercel employee was targeted through the compromise of Context.ai, an external artificial intelligence platform the employee used.

Following this initial breach, the attacker gained unauthorized access to the Vercel employee's Google Workspace account, which in turn gave them entry to certain internal Vercel systems.

According to Rauch, the company fully encrypts customer environments at rest, but it also allows variables to be marked as "non-sensitive," and the threat actor "got further access through their enumeration."

"We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI," Rauch stated. "They moved with surprising velocity and in-depth understanding of Vercel."

Rauch indicated that Vercel had "deployed extensive protection measures and monitoring" and conducted a comprehensive analysis of its supply chain infrastructure to verify that "Next.js, Turbopack, and our many open source projects remain safe for our community."

"My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature," the CEO added.
