Cloud app hosting leader Vercel disclosed over the weekend that its internal systems were breached by hackers, who reportedly accessed sensitive customer information. According to the hackers, they have stolen user credentials from Vercel and are attempting to sell the data on the dark web.
In a statement made on Sunday, Vercel explained that the breach was linked to Context AI, a software provider. An employee of Vercel downloaded an application developed by Context AI and connected it to their corporate account hosted on Google. This connection, known as OAuth, allowed the hackers to hijack the Vercel employee’s Google account, which subsequently granted them access to various internal systems, revealing unencrypted credentials.
Despite the breach, Vercel reassured users that its open-source projects, Next.js and Turbopack, remained unaffected. The company has reached out to those customers whose application data and keys may have been compromised.
Vercel’s CEO Guillermo Rauch urged customers to promptly rotate any app keys and credentials classified as “non-sensitive,” as a precautionary measure in light of the incident. It remains unclear who orchestrated the breach involving Vercel and Context AI, or if the same hacker group was responsible. The group claiming to sell the stolen data associated itself with the “ShinyHunters” hacking collective but later distanced themselves from this incident when contacted by security media.
This incident is part of a disturbing trend of “supply chain” attacks targeting software developers whose tools are widely deployed, enabling hackers to extract credentials from a broad array of entities simultaneously. Vercel acknowledged that the breach could impact “hundreds of users across many organisations,” suggesting that the consequences may extend throughout the tech sector.
Context AI has reported a breach of its own earlier this year in March that involved its Context AI Office Suite application. This app facilitates workflow automation across various third-party applications through an unnamed service. They had initially notified only one customer, but in light of Vercel’s incident, Context AI admits the breach may involve a wider scope than previously recognised, indicating that the hackers likely compromised OAuth tokens of their users.
As of now, Context AI has not provided further comments regarding the breach, and it remains unknown why it did not disclose the incident sooner or if any ransom demands were made. Vercel similarly has not commented on how many of its customers might be affected.
This breach serves as a stark reminder of the vulnerabilities inherent in interconnected software systems and the ongoing risk posed by cybercriminals targeting cloud services.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
