- Vercel confirms cyberattack via compromised Context.ai account
- Attacker accessed employee’s Google Workspace account and exposed environment variables not marked as sensitive
- Dark Web Actor Claims ShinyHunters Link, Sells Alleged Vercel Source Code and 580 Employee Records for $2 Million
Cloud development platform Vercel has confirmed that it suffered a cyberattack and lost “non-confidential” data belonging to its clients. In a new security bulletin published this morning, the company’s security team said that over the weekend it “identified a security incident involving unauthorized access to certain internal Vercel systems.”
This appears to have been a supply chain attack. Vercel said one of its employees used a third-party AI tool called Context.ai, which appears to have been used as an entry point.
“The incident originated with a compromise of Context.ai,” reads the advisory, which says the attacker used that access to take over that employee’s Google Workspace account. Through that account, the attacker gained access to some Vercel environments and environment variables “that were not marked as ‘sensitive’.”
ShinyHunters is (not) responsible
Vercel did not say how many customers were compromised or what type of information it lost. The company said it has already notified everyone affected and recommended an immediate rotation of credentials.
“We continue to investigate whether and what data was exfiltrated and will contact customers if we discover further evidence of compromise. We have implemented extensive protection and monitoring measures. Our services remain operational,” the notice reads.
Just one day before Vercel shared this announcement, a new thread appeared on a dark web forum advertising the sale of confidential Vercel data, BleepingComputer found.
“Greetings everyone. Today I am selling Vercel access key/source code/database,” the ad reads.
The threat actor also shared a text file with Vercel employee information, apparently containing 580 data records with names, email addresses, account statements, and activity timestamps. They are reportedly asking for $2 million in exchange for deleting and not leaking the stolen files.
It is also notable that this threat actor claims to be part of the ShinyHunters extortion group, but the group appears to have distanced itself from this incident.
Via BleepingComputer




