You can access the original Vercel blog post from here.
The cloud platform Vercel has confirmed that attackers breached its internal systems, affecting a “limited subset” of customers and exposing some non-sensitive environment variables.
In its official disclosure, Vercel said it was investigating the incident with external experts and had informed law enforcement. The company maintained that its core services remain operational and that it has contacted affected users. It urged them to rotate credentials and review their environment variables.
How the breach happened: Attackers compromised Context.ai, a third-party AI tool, to gain access to Vercel. They took over an employee’s Google Workspace account using a compromised OAuth token linked to Context’s AI Office Suite.
This access allowed attackers to move further into Vercel’s systems and view environment variables that the company had not marked as “sensitive.” The company said it protected sensitive variables and found no evidence of unauthorised access.
CEO explains internal escalation: Vercel CEO Guillermo Rauch confirmed the sequence in an X post, stating: “Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments.” He added: “We do have a capability, however, to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”
Rauch described the attackers as “highly sophisticated” and said the company is focusing on investigation, customer communication, and strengthening security systems.
Hackers claim stolen data, identity remains unclear: The disclosure followed a threat actor posting on a hacking forum claiming to be selling Vercel data, including access keys, source code, and database contents. The actor said they had access to “multiple employee accounts” and internal deployments.
However, the hacker claimed links to the ShinyHunters group, which later denied involvement when cybersecurity outlet BleepingComputer contacted it. The authenticity of the leaked data has not been independently verified.
Reports also indicate that the attacker shared a dataset of around 580 employee records and screenshots of internal dashboards, and claimed to be discussing ransom payments of up to $2 million, though Vercel has not confirmed any such negotiations.
Context AI acknowledges earlier breach: Context.ai said the root incident occurred earlier in its now-deprecated AI Office Suite. Attackers gained unauthorised access to its AWS environment and compromised the OAuth tokens of some users.
The company stated that one such token was used to access Vercel systems. It has since shut down the affected environment and is working with the cybersecurity firm CrowdStrike to assess the full impact. Context.ai added that its enterprise products, which run in…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
