Cloud development platform Vercel has stated that its systems were compromised in a recent security incident. According to the company, the attack originated from a compromised third-party AI tool. The breach has impacted a limited number of customers, according to the company.
According to the company’s website, it has clients including the likes of OpenAI, Cursor, Pinterest, and Bose. The data stolen in this attack could create bigger disruptions. Though Vercel claims that no sensitive information was accessed by the hackers.
As per reports, the people behind the attack are likely part of ShinyHunters, a group that recently targeted GTA makers Rockstar games. The hackers claim to be selling the data from this attack on Vercel online.
What is Vercel?
Vercel is a cloud platform that hosts and deploys web apps. The company is known for developing the popular Next.js framework, a widely used React framework. It also provides services that enable developers to build, preview, and deploy applications.
The platform has a big portfolio of customers spanning industries such as software, retail, and AI. Vercel states that only a limited number of its customers were likely impacted by this breach.
Vercel attack started from AI tool
The company wrote in a blog post that the attack originated from a compromised “third-party AI tool” used by an employee. However, it does not explicitly name which tool it was.
The threat actors were able to get access to the employee’s Google Workplace account from this AI tool, and then gain access to some of Vercel’s environment variables, which are stored outside an app’s code, and tell an app how to function. Though, the platform claims that the hackers only got the variables that were not marked as “sensitive.”
Hackers say this can start supply chain attack
Vercel’s clarification came after users of a hacking forum claimed to be selling information about Vercel’s customers. The hacker claims that this data could be used for a major attack on the global supply chain. The forum post reads, “We have verified access keys for a potential global supply chain attack. We’re selling this access. Are you interested in buying it?”
The hackers claim to be part of ShinyHunters. However, As per a report from Bleepingcomputer, the ShinyHunters group has denied such claims.
The hackers also shared a text file which contains Vercel employee information – 580 data records containing names, email addresses, account status, and activity timestamps. As per reports, the hackers discussed an alleged ransom demand of $2 million (roughly Rs 18.5 crore).
What happens now?
Following the breach, Vercel has advised its customers to review their environment variables for sensitive information and to rotate secrets if necessary. The company has also rolled out updates to its dashboard, including an improved interface for managing sensitive environment variables.
While Vercel’s core services remain unaffected, the company is working with impacted customers and has notified law enforcement. Vercel has also published an indicator of compromise (IOC) to assist the wider community in investigating potential malicious activity.
