Vercel, a platform that provides hosting and deployment solutions tailored for front-end developers, recently announced a security breach that compromised its systems and resulted in data theft.
The breach impacted a limited number of customers, with attackers reportedly taking advantage of a third-party AI tool known as Context AI to gain unauthorized access to specific internal systems. According to a security bulletin released on Sunday, April 19, Vercel assured users that overall services remained unaffected and that they are actively collaborating with those impacted.
“We are currently investigating the incident and have enlisted incident response experts to assist in both the investigation and remediation process. We have notified law enforcement authorities and will provide updates as our findings evolve,” the company stated.
Renowned for developing and maintaining Next.js, a popular open-source framework built on the React library, Vercel derives revenue from its open-source contributions by providing a hosted serverless platform for front-end applications, along with services such as edge computing and CI/CD pipelines that facilitate developers in building, previewing, and deploying their applications.
This incident underscores a growing trend of hackers targeting AI tools for supply chain attacks. In recent weeks, major open-source AI projects—including Axios, LiteLLM, and Trivy—have faced compromises, thereby affecting the companies whose developers depend on these tools.
The timing of the breach coincides with advancements in AI models, which may be exploited by malicious actors. Earlier this month, Anthropic announced the development of a new AI model, Claude Mythos, which has not yet been released due to potential cybersecurity threats.
“We believe the group behind the attack is highly sophisticated and likely enhanced by AI. Their approach was swift and displayed a profound understanding of Vercel,” stated Guillermo Rauch, CEO of Vercel, in a post on X.
“Our primary focus at present is on investigation, customer communication, bolstering security protocols, and sanitizing our environments. We have implemented extensive protective measures and monitoring systems. Additionally, we have thoroughly reviewed our supply chain to guarantee the safety of Next.js, Turbopack, and our various open-source projects for the community,” added Rauch.
Modus Operandi
According to CEO Rauch, initial access for the attackers occurred through a compromised Google Workspace account of a Vercel employee, which was breached via the AI platform Context.ai.
From there, the attackers moved into Vercel’s environments and gained access to environment variables that had not been designated as sensitive and were therefore not encrypted at rest.
“All customer environment variables at Vercel are stored fully encrypted at rest. We employ numerous defense mechanisms to safeguard our core systems and customer data. However, we do allow for the designation of environment variables as ‘non-sensitive.’ Unfortunately, the attacker was able to gain further access through enumeration,” Rauch explained.
In response to the breach, Vercel has implemented updates to its dashboard, which now includes an overview page for environment variables and an enhanced interface for managing sensitive variables.
The company has urged customers to review their environment variables for sensitive information and to activate the sensitive variable feature to ensure encryption at rest.
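The review Vercel asks customers to perform (find environment variables whose contents are secrets but which are not flagged sensitive, and therefore not encrypted at rest) is easy to script. The following is an added example, not code from Vercel or from the article: it assumes a simple record shape of key, value and a boolean sensitive flag, which is a constructed model rather than Vercel's actual API or CLI output, and it uses a few heuristics (secret-like names, well-known public token prefixes, credentials embedded in connection URLs, and high-entropy values) to point out candidates for re-classification. The sample variables are constructed for the demonstration.

```python
import math
import re
from dataclasses import dataclass


@dataclass
class EnvVar:
    # Assumed record shape (not Vercel's API): name, plaintext value, and whether
    # the variable is marked "sensitive" (encrypted at rest) or not.
    key: str
    value: str
    sensitive: bool


# Names that almost always carry a credential.
SECRET_NAME_RE = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_KEY|ACCESS_KEY)", re.I
)
# Publicly documented credential prefixes (GitHub, npm, OpenAI-style, AWS access key ids).
TOKEN_PREFIXES = ("ghp_", "github_pat_", "npm_", "sk-", "AKIA")
# scheme://user:password@host  -> a connection string with an embedded credential.
URL_CRED_RE = re.compile(r"://[^/\s:@]+:[^/\s@]+@")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; long opaque strings score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def secret_reason(v: EnvVar):
    """Return why the variable looks like a secret, or None if it does not."""
    if SECRET_NAME_RE.search(v.key):
        return "secret-like name"
    if v.value.startswith(TOKEN_PREFIXES):
        return "known token prefix"
    if URL_CRED_RE.search(v.value):
        return "embedded credential in URL"
    # Entropy threshold (3.5 bits/char over 20+ chars) is a tuning assumption.
    if len(v.value) >= 20 and shannon_entropy(v.value) > 3.5:
        return "high-entropy value"
    return None


def find_misclassified(env_vars):
    """Map key -> reason for every secret-looking variable NOT marked sensitive."""
    findings = {}
    for v in env_vars:
        reason = secret_reason(v)
        if reason and not v.sensitive:
            findings[v.key] = reason
    return dict(sorted(findings.items()))


# Constructed sample project; none of these values are real credentials.
SAMPLE_ENV = [
    EnvVar("NEXT_PUBLIC_SITE_NAME", "Example Store", False),
    EnvVar("DATABASE_URL", "postgres://app:hunter2@db.internal:5432/app", False),
    EnvVar("GITHUB_TOKEN", "ghp_EXAMPLEEXAMPLEEXAMPLE0000", False),
    EnvVar("NPM_TOKEN", "npm_EXAMPLEEXAMPLEEXAMPLE0000", True),   # already encrypted
    EnvVar("BUILD_ID", "a3f9c2e1b7d4", False),
    EnvVar("WEBHOOK_SIGNING", "w9Ks0Lp2Qz7Xr4Mv8Bn1Ct6Dy3Ef5Gh0", False),
]

if __name__ == "__main__":
    for key, reason in find_misclassified(SAMPLE_ENV).items():
        print(f"{key}: looks like a secret ({reason}) but is not marked sensitive")
```

Anything the script reports should either be moved to the sensitive setting (so it is encrypted at rest) or, if the value is genuinely public, renamed so it no longer trips the name heuristic; the entropy threshold will produce some false positives on things like long build identifiers, which is the right trade-off for a one-off audit.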
Who is Behind the Hack?
Before Vercel’s announcement, the notorious hacker group ‘ShinyHunters’ claimed responsibility for the breach and attempted to sell the stolen data, as reported by Bleeping Computer.
In a post on an unnamed hacking forum, ShinyHunters stated they were selling access keys, source code, and database information reportedly stolen from Vercel, including access to internal deployments and API keys.
“This data is just proof from Linear, but the full access I’m offering includes multiple employee accounts with permissions to several internal deployments and API keys (including some NPM tokens and GitHub tokens),” read a post on the forum.
The attackers also released a text file containing information on Vercel employees, consisting of 580 data records with names, Vercel email addresses, account statuses, and activity timestamps.
They further disclosed a screenshot of what seemed to be an internal Vercel Enterprise dashboard and indicated they were negotiating with the company over a ransom demand of $2 million. It remains unconfirmed whether ShinyHunters was indeed behind the Vercel breach.
In conclusion, while the breach at Vercel highlights pressing security issues in the digital landscape, especially with the rise of sophisticated AI tools, the company is taking substantial steps to enhance its security architecture and address customer concerns. As the investigation unfolds, stakeholders are urged to remain vigilant in managing their own security protocols.