
Web infrastructure provider Vercel has disclosed a security breach that allowed malicious parties to gain unauthorized access to “certain” Vercel internal systems.
The incident stemmed from a breach of Context.ai, a third-party artificial intelligence (AI) tool used by the company’s employees.
“The attacker used that access to take over the employee’s Vercel Google Workspace account, which allowed the employee to access some Vercel environments and environment variables that were not marked as ‘sensitive,’” the company said in a bulletin.
Vercel said environment variables marked “sensitive” are stored in an encrypted manner so that they cannot be read, and there is currently no evidence to suggest that their values have been accessed by an attacker.
The bulletin described the attackers behind the incident as “sophisticated” based on their “speed of operation and detailed understanding of the Vercel system.” The company also said it is working with Google’s Mandiant and other cybersecurity companies, reporting to law enforcement, and working with Context.ai to better understand the full extent of the breach.
A “limited portion” of its customers were said to have had their credentials compromised, and Vercel contacted them directly and urged them to rotate their credentials immediately. The company is continuing to investigate what data was compromised and will contact customers if it finds further evidence of a breach.
Vercel also advises Google Workspace administrators and Google account holders to review the following OAuth applications:
110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
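One way an administrator could act on that advice is to sweep the OAuth grants in their Workspace tenant for the published client ID. The following is an added example, not Vercel's or Google's code; it assumes token records shaped like the Admin SDK Directory API `tokens` resource (`userKey`, `clientId`, `displayText`, `scopes`), the sample records are constructed, and the list of high-impact scopes is the author's choice for illustration.

```python
"""Audit Workspace OAuth token grants for the client ID in Vercel's bulletin.

Added example, not Vercel's or Google's code. Record shape assumed to follow
the Admin SDK Directory API `tokens` resource; in a real audit, collect one
list per user with `directory.tokens().list(userKey=...)` and pass the
concatenated items to audit_tokens().
"""
from collections import defaultdict

# Client ID published in Vercel's bulletin (taken from the page).
FLAGGED_CLIENT_IDS = {
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}

# Scopes that let a third-party app read mail or files; assumed list chosen
# for this example. Grants of these are worth reviewing whatever the client.
HIGH_IMPACT_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}


def audit_tokens(tokens):
    """Return {userKey: [reasons]} for every grant that warrants review."""
    findings = defaultdict(list)
    for t in tokens:
        user = t.get("userKey", "<unknown>")
        cid = t.get("clientId", "")
        name = t.get("displayText", cid)
        if cid in FLAGGED_CLIENT_IDS:
            findings[user].append(f"grant to flagged client {cid} ({name})")
        hi = set(t.get("scopes", [])) & HIGH_IMPACT_SCOPES
        if hi:
            findings[user].append(f"high-impact scopes for {name}: {sorted(hi)}")
    return dict(findings)


# Constructed sample: one user holds a grant to the flagged client ID with a
# mail-reading scope; the other holds an unrelated, low-impact grant.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com",
     "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
     "displayText": "sample-app-a", "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"userKey": "bob@example.com",
     "clientId": "000000000000-placeholder.apps.googleusercontent.com",
     "displayText": "sample-app-b", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, reasons in audit_tokens(SAMPLE_TOKENS).items():
        print(user)
        for reason in reasons:
            print("  -", reason)
```

Revoking a flagged grant (`directory.tokens().delete(userKey=..., clientId=...)`) is the follow-up step an admin would take after confirming the finding.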
The following best practices are recommended for additional mitigation:
Vercel has not yet released details such as which systems were compromised, how many customers were affected, or who was behind the attack, but an attacker using the ShinyHunters persona claimed responsibility for the hack and offered the stolen data for sale at an asking price of $2 million.
“We have put in place extensive safeguards and monitoring. We have analyzed our supply chain and ensured that Next.js, Turbopack, and our many open source projects are safe for our community,” Vercel CEO Guillermo Rauch said in a post on X.
“In response, we are already rolling out new features to the dashboard, including an environment variables overview page and a better user interface for creating and managing sensitive environment variables, to help improve the security posture of all our customers.”
