Vercel exposes customers via AI-tool breach
- Vercel said on April 24 it found a small number of additional customer accounts compromised in its April security incident, after attackers accessed internal systems through a breached Context.ai integration.
- The company said the original breach exposed non-sensitive environment variables that decrypt to plaintext, while a separate review also found other customer accounts showing compromise that did not originate on Vercel.
- The disclosure widened an incident Vercel first reported on April 19 and tied to a third-party Google Workspace OAuth path, extending concern beyond the initially notified customers. (vercel.com)
Vercel said on April 24 that its investigation found additional customer accounts compromised after the company’s April security incident. (vercel.com)

The company first disclosed the breach on April 19, saying attackers got unauthorized access to certain internal Vercel systems. Vercel tied the intrusion to Context.ai, a third-party artificial intelligence tool used by one employee. (vercel.com) (techcrunch.com)

Vercel said the attackers used that access to take over the employee’s Google Workspace account and then reach some internal environments and environment variables that were not marked “sensitive.” The company said customers whose non-sensitive variables were compromised were contacted directly and told to rotate credentials. (techcrunch.com) (vercel.com)

Environment variables are the hidden settings that apps use for secrets like application programming interface keys, database logins, and tokens. Vercel said variables marked “sensitive” are protected differently, while the exposed set was the subset that can decrypt to plaintext. (vercel.com) (thehackernews.com)

The April 24 update widened the scope. Vercel said a broader review of network requests and environment-variable read events found a small number of additional accounts compromised in the April incident. (vercel.com)

The same review also found a small number of customer accounts with signs of compromise that appeared separate from the April incident. Vercel said those cases did not appear to have originated on Vercel systems and that the affected accounts were contacted with corrective steps. (vercel.com)

TechCrunch reported that Vercel warned the hack could affect “hundreds of users across many organizations,” not only Vercel’s own systems. The outlet also reported that a seller on a cybercrime forum claimed to be offering stolen Vercel data, while ShinyHunters denied involvement. (techcrunch.com)

Vercel said its npm packages were validated and not compromised, and the company said Next.js and Turbopack were not affected. It also said it had engaged incident-response experts, notified law enforcement, and moved to ad hoc bulletin updates as the investigation continued. (vercel.com) (techcrunch.com)

The thread running through the incident is identity, not source code: a trusted software connection to Google Workspace became the route into internal systems. Vercel’s latest update shows the customer count changed as investigators widened their log review after the first disclosure. (vercel.com)