- Vercel confirms cyberattack via compromised Context.ai account
- Attacker accessed employee Google Workspace, exposed non‑sensitive environment data
- Dark web actor claims ShinyHunters link, selling alleged Vercel source code and 580 employee records for $2M
Cloud development platform Vercel confirmed suffering a cyberattack and losing “non-sensitive” customer data. In a new security bulletin published earlier this morning, the company’s security team said that during the weekend it “identified a security incident that involved unauthorized access to certain internal Vercel systems.”
This seems to have been a supply chain attack. Vercel said one of its employees used a third-party AI tool called Context.ai, which seems to have been used as the entry point.
“The incident originated with a compromise of Context.ai” the advisory reads, saying that the attacker used that access to take over that employee’s Google Workspace account. Through that, they gained access to some Vercel environments and environment variables “that were not marked as ‘sensitive’.
Article continues below
ShinyHunters (do not) claim responsibility
Vercel did not say how many customers were compromised, or what kind of information it lost. It said it already notified everyone who has been affected, recommending an immediate rotation of credentials.
“We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise. We’ve deployed extensive protection measures and monitoring. Our services remain operational,” the notice reads.
Just one day before sharing this announcement, a new thread surfaced on a dark web forum, advertising the sale of sensitive Vercel data, BleepingComputer found.
“Greetings all. Today I am selling Access Key/Source Code/Database from Vercel,” the ad reads.
The threat actor also shared a text file with Vercel employee information, apparently containing 580 data records with names, email addresses, account statuses, and activity timestamps. They are allegedly asking for $2 million in exchange for deleting and not leaking the stolen files.
It is also interesting that this threat actor claims to be part of the ShinyHunters extortion group, but the group seems to have distanced itself from this incident.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/TSjWTMB6Euv4FSFe2seQh-2560-80.jpg
Source link
