'We've identified a security incident': Vercel breach confirmed after hackers claim stolen data for sale online

News
By published

Cloud development platform confirms theft of "non-sensitive data"

business cloud
(Image credit: Shutterstock / Blackboard)
  • Vercel confirms cyberattack via compromised Context.ai account
  • Attacker accessed employee Google Workspace, exposed non‑sensitive environment data
  • Dark web actor claims ShinyHunters link, selling alleged Vercel source code and 580 employee records for $2M

Cloud development platform Vercel confirmed suffering a cyberattack and losing “non-sensitive” customer data. In a new security bulletin published earlier this morning, the company’s security team said that during the weekend it “identified a security incident that involved unauthorized access to certain internal Vercel systems.”

This seems to have been a supply chain attack. Vercel said one of its employees used a third-party AI tool called Context.ai, which seems to have been used as the entry point.

“The incident originated with a compromise of Context.ai” the advisory reads, saying that the attacker used that access to take over that employee’s Google Workspace account. Through that, they gained access to some Vercel environments and environment variables “that were not marked as ‘sensitive’.

Article continues below

ShinyHunters (do not) claim responsibility

Vercel did not say how many customers were compromised, or what kind of information it lost. It said it already notified everyone who has been affected, recommending an immediate rotation of credentials.

“We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise. We’ve deployed extensive protection measures and monitoring. Our services remain operational,” the notice reads.

Just one day before sharing this announcement, a new thread surfaced on a dark web forum, advertising the sale of sensitive Vercel data, BleepingComputer found.

“Greetings all. Today I am selling Access Key/Source Code/Database from Vercel,” the ad reads.

The threat actor also shared a text file with Vercel employee information, apparently containing 580 data records with names, email addresses, account statuses, and activity timestamps. They are allegedly asking for $2 million in exchange for deleting and not leaking the stolen files.

It is also interesting that this threat actor claims to be part of the ShinyHunters extortion group, but the group seems to have distanced itself from this incident.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Google logo on a black background next to text reading 'Click to follow TechRadar'

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.