Cloud hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data. The hackers claimed to have stolen sensitive customer credentials from Vercel’s systems and are selling the data online.
In an announcement on Sunday, Vercel said the breach originated at another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their company account, which is hosted by Google. The hackers used this connection (known as OAuth) to hijack the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.
Vercel says the Next.js and Turbopack projects were not affected by the breach. Both open source projects are widely used by web and app developers.
Vercel said it has contacted customers whose data and app keys were compromised.
In a post on X, Vercel CEO Guillermo Rauch advised customers to rotate any keys and credentials in their app deployments that are marked as “non-sensitive.”
It is not clear who is behind the breaches at Vercel and Context AI, or whether the same hacker is responsible for both. The threat actor selling the data claimed to represent the hacker group ShinyHunters in a post on a cybercriminal forum. The post, seen by TechCrunch, claimed the hackers were selling access to customer API keys, source code and database data stolen from Vercel.
The hacker group ShinyHunters, known for hacking cloud- and database-based companies, told cybersecurity news site Bleeping Computer that they are not involved in this incident.
A Vercel spokesperson did not say how many customers could be affected, but said the company has not received any communication from the threat actor, such as a ransom demand.
While the details of the hack are still emerging, this security breach is the latest in a series of “supply chain” hacks in recent months that have targeted software developers whose code is widely used on the web. By compromising software widely used by companies and supporting web infrastructure, hackers can steal credentials from a wide range of targets simultaneously and further gain access to large amounts of data stored by other cloud giants.
Vercel said little else about the attack, other than that it was investigating the incident and had requested answers from Context AI. Vercel said the hack could affect “hundreds of users across multiple organizations,” not just its own system, warning of potential downstream breaches spanning the tech industry.
Context AI, which creates evaluations and analysis for artificial intelligence models, confirmed on its website that it had a breach in March involving its Context AI Office Suite consumer app. The app allows users to automate actions and workflows across multiple third-party apps through an anonymous third-party service.
Context AI said it notified a customer of the breach but, based on the Vercel incident, now believes the incident is likely broader than originally thought. Context AI said the hackers “may have compromised OAuth tokens for some of our consumer users.”
Context AI did not respond to a request for comment or questions about the breach. It’s unclear why Context AI didn’t disclose the breach at the time, or whether the company received any demands from the hacker, such as a ransom.
Corrected to remove a reference to an unrelated AI company whose staff was acquired by OpenAI. Updated with comment from Vercel.
