Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Key Points:
- Vercel disclosed a security breach originating from a compromised third-party AI tool, Context.ai, which allowed attackers to access certain internal systems via an employee's Google Workspace account.
- The attackers accessed some environment variables not marked as "sensitive," but Vercel confirmed that encrypted sensitive variables were not compromised.
- A limited subset of customers had credentials compromised, prompting Vercel to notify them and recommend immediate credential rotation and other security best practices.
- Vercel is collaborating with cybersecurity firms, law enforcement, and Context.ai to investigate the breach, while a threat actor using the ShinyHunters persona has claimed responsibility and is attempting to sell the stolen data for $2 million.
- In response, Vercel has enhanced its security measures, improved dashboard capabilities for managing environment variables, and offered reassurance about the safety of its open source projects such as Next.js and Turbopack.