Over the weekend, Vercel, a major cloud app hosting company, revealed a security breach where hackers accessed its internal systems and customer data. Allegedly, sensitive customer credentials have been stolen and are being sold online.
In a statement, Vercel attributed the breach to Context AI, a software firm. A Vercel employee installed a Context AI app and linked it to their corporate Google account. The hackers exploited this OAuth connection to compromise the Google account and infiltrate some of Vercel’s internal systems, where they accessed unencrypted credentials.
Vercel clarified that its Next.js and Turbopack projects remain unaffected. The company has reached out to customers impacted by the compromised data and keys.
On X, CEO Guillermo Rauch urged customers to update any deployment credentials labeled “non-sensitive.”
The identities behind the breaches at Vercel and Context AI are unclear, and it is unknown whether the same hacker is responsible for both. A hacker claiming to represent ShinyHunters is reportedly selling stolen customer API keys, source code, and database data on a cybercriminal forum. Despite the group's reputation for targeting similar companies, ShinyHunters has denied involvement in this breach.
As more details unfold, the breach exemplifies recent “supply chain” hacks targeting widely used software to access extensive data from multiple companies.
Vercel, still probing the incident, has engaged Context AI for answers. The attack might affect “hundreds of users across many organizations.”
Context AI, known for AI model analytics and evaluations, acknowledged a breach in March linked to its Office Suite consumer app, affecting OAuth tokens. It informed one customer but now suspects a broader impact. The company did not comment on the breach or potential demands like ransom. Vercel has also remained silent on the full scope of the impact on its customers.
Correction: A reference to an unrelated Context AI, acquired by OpenAI, was removed.
