Over the weekend, cloud app hosting giant Vercel announced that hackers had infiltrated its internal systems and accessed customer data. The hackers claim to have stolen sensitive customer credentials from Vercel’s systems and sold that data online.
Vercel said in a statement Sunday that the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to a company account hosted by Google. Hackers used that connection (known as OAuth) to take over Vercel employees’ Google accounts and access some of Vercel’s internal systems, including unencrypted credentials.
Vercel said its Next.js and Turbopack projects were not affected by the breach. Both open source projects are widely used by web and app developers.
Vercel said it has contacted customers whose app data and keys were compromised.
In a post on X, Vercel CEO Guillermo Rauch advised customers to rotate keys and credentials in app deployments that are marked “not sensitive.”
It is not clear who is behind the Vercel and Context AI breaches, or if they are the same hacker. The attackers who sold the data claimed to be representatives of the hacking group ShinyHunters, which is listed on a cybercrime forum. The post, seen by TechCrunch, claims that the hackers were selling access to customers’ API keys, source code, and database data stolen from Vercel.
ShinyHunters, a hacker group known for infiltrating cloud-based and database companies, told cybersecurity news site BleepingComputer that it was not involved in the incident.
A Vercel spokesperson declined to say how many customers may be affected, but said the company has not received any ransom demands from threat actors.
Although details of the hack are not yet clear, the breach is the latest in a series of “supply chain” hacks in recent months targeting software developers whose code is widely used on the web. By compromising software that is widely used by enterprises and supports web infrastructure, hackers can steal credentials from a wide range of targets at once and gain further access to large amounts of data stored by other cloud giants.
Vercel has said little about the attack other than to say it is investigating the incident and calling on Context AI for answers. Vercel said the hack could affect not only its own systems but “hundreds of users across many organizations,” and warned of potential downstream breaches across the technology industry.
Context AI, which builds AI model evaluation and analysis tools, confirmed on its website that there was a breach related to the Context AI Office Suite consumer apps in March. The app allows users to automate actions and workflows across multiple third-party applications via unnamed third-party services.
Context AI said it has notified one customer of the breach, but based on the Vercel incident, it now believes the incident is likely more widespread than originally thought. Context AI said hackers “may have compromised the OAuth tokens of some consumer users.”
Context AI did not respond to requests for comment or questions about this breach. It is unclear why Context AI did not disclose the breach at the time or whether the company received any ransom or other demands from the hackers.
Corrected to remove references to an unrelated Context AI staffed by OpenAI. Updated with comment from Vercel.
