- Vercel confirms cyber attack via compromised Context.ai account
- The attacker gained access to an employee's Google Workspace account and exposed environment variables not marked as sensitive
- Dark web actor claims ShinyHunters link and sells alleged Vercel source code and 580 employee records for $2 million
Cloud development platform Vercel confirmed it suffered a cyber attack and lost “non-sensitive” customer data. In a new security bulletin published earlier this morning, the company’s security team said that over the weekend it “identified a security incident involving unauthorized access to certain internal Vercel systems.”
This appears to have been a supply chain attack. Vercel said one of its employees used a third-party AI tool called Context.ai, which appears to have been used as an entry point.
“The incident occurred with a compromise of Context.ai,” reads the notice, which says the attacker used that access to take over the employee’s Google Workspace account. In doing so, they gained access to some Vercel environments and environment variables “that were not marked as ‘sensitive.’”
ShinyHunters (does not assume) responsibility
Vercel did not say how many customers were compromised or what kind of information it lost. It said it already notified everyone who has been affected and recommended an immediate rotation of credentials.
“We are continuing to investigate whether and what data was exfiltrated, and will contact customers if we discover further evidence of compromise. We have implemented extensive safeguards and monitoring. Our services remain operational,” the statement read.
Just a day before this announcement was shared, a new thread appeared on a dark web forum advertising the sale of sensitive Vercel data, Bleeping Computer found.
“Greetings everyone. Today I am selling Access Key/Source Code/Database from Vercel,” reads the ad.
The threat actor also shared a text file of Vercel employee information that apparently contained 580 data records of names, email addresses, account statuses, and activity timestamps. They are reportedly asking for $2 million in exchange for deleting and not leaking the stolen files.
It is also interesting that this threat actor claims to be part of the ShinyHunters extortion group, but the group seems to have distanced itself from this incident.
Via Bleeping Computer