The cloud deployment and hosting platform, Vercel, has recently experienced a security breach that allowed attackers to infiltrate certain internal systems, leading to a compromise of credentials for a limited number of customers.
Advice for Affected Customers
The breach stemmed from a compromise of Context.ai, a third-party AI tool utilized by a Vercel employee. The Vercel security team detailed the incident in a blog post published on Sunday.
The attacker exploited this access to hijack the employee’s Vercel Google Workspace account, which granted them entry to some Vercel environments and environment variables that were not labeled as ‘sensitive.’
Vercel’s CEO, Guillermo Rauch, elaborated on the situation: “Vercel secures all customer environment variables through full encryption at rest. We have numerous defense mechanisms in place to protect core systems and customer data. However, we also allow for designating environment variables as ‘non-sensitive.’ Regrettably, the attacker was able to gather further access through enumeration.”
Customers confirmed to be affected have been directly informed and instructed to promptly rotate credentials and environment variables. They are also advised to check their account activity logs and environments for anything suspicious, rotate Deployment Protection tokens (if applicable), and monitor recent deployments for any unexpected or dubious activities.
“We recommend utilizing the sensitive environment variables feature going forward to ensure that secret values remain secure,” the team added.
In response to the incident, Vercel has implemented additional protective measures, enhanced monitoring, notified law enforcement, and engaged cybersecurity experts for further investigation.
“We’re conducting a thorough analysis of our supply chain to ensure that Next.js, Turbopack, and our myriad open-source projects are safe for the community,” Rauch stated.
What Happened, Exactly?
The investigation into the breach is ongoing, with Vercel receiving assistance from the Google Mandiant team and other cybersecurity firms.
They have confirmed the method by which attackers gained initial access to the Vercel employee’s account.
“Our investigation has uncovered that the incident originated from a small, third-party AI tool, which had its Google Workspace OAuth app compromised, potentially affecting hundreds of users across various organizations,” the Vercel security team reported, providing the unique identifier for the app involved: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
Nudge Security’s CTO, Jaime Blasco, connected this tool to Context.ai, the company behind the AI-native office suite.
“Google has removed the account, but I’m confident the third-party AI tool referenced by Vercel is context[.]ai, based on a now-defunct Chrome browser extension listing tied to an OAuth grant within the same account ID,” he explained. “They removed the extension from the Chrome marketplace on March 27th, which raises suspicions.”
It’s likely that Vercel is not the only organization affected by this third-party breach. Administrators of Google Workspace and Google Account users are encouraged to verify if they have been using the Chrome extension and to initiate their own investigations if they have.
“We’ve reached out to Context for cooperation in understanding the full scope of the incident to protect other organizations and the wider internet,” Rauch mentioned.
On Sunday, Context also published an advisory acknowledging a security incident that involved unauthorized access to their AWS environment.
“Based on feedback from Vercel and our own internal investigation, we identified that during the incident last month, the unauthorized actor likely compromised OAuth tokens for some of our consumer users. We also realized that the unauthorized actor seemingly utilized a compromised OAuth token to access Vercel’s Google Workspace,” the company stated.
“While Vercel is not a direct customer of Context, it appears that at least one employee signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions. Vercel’s internal OAuth configurations seem to have permitted this by granting extensive permissions within Vercel’s enterprise Google Workspace.”
Who’s Behind the Breach?
“We perceive the attacking group to be highly sophisticated and, I strongly suspect, significantly enhanced by AI,” Rauch stated today. “Their actions exhibited remarkable speed and a deep understanding of Vercel.”
Screenshot of the BreachForums post
The breach involving Vercel has been claimed by ShinyHunters—or someone impersonating this notorious cybercriminal group—via a post on BreachForums, where they were reportedly attempting to sell the stolen information, asserting it could be utilized to execute “the largest supply chain attack ever.”
The post has since been deleted, and the genuine ShinyHunters have denied any involvement in the breach.
Stay updated with breaking news by subscribing to our e-mail alert for the latest breaches, vulnerabilities, and cybersecurity threats. Subscribe here!
