
Vercel Security Breach Linked to Compromised AI Tool

Severity: High (Score: 65.2)

Sources: www.bleepingcomputer.com, Gbhackers, Panewslab, Heise.De, Theblock.Co

Summary

Vercel has confirmed a security breach resulting from unauthorized access to its internal systems, affecting a limited subset of customers. The breach was traced back to a compromised third-party AI tool, Context.ai, which allowed attackers to gain access to a Vercel employee's Google Workspace account. This access enabled the threat actor to view non-sensitive environment variables, although sensitive data remains protected. The hacker group, allegedly linked to ShinyHunters, is reportedly attempting to sell stolen data, including employee records and internal access keys, for $2 million. Vercel has engaged cybersecurity experts, notified law enforcement, and advised affected customers to rotate their credentials. The company continues to investigate the incident and has implemented additional security measures. Current operations remain unaffected, but the incident highlights the risks associated with third-party integrations.

Key Points

  • Vercel's breach originated from a compromised third-party AI tool, Context.ai.
  • The attacker accessed a limited subset of customer credentials via a Google Workspace account.
  • Vercel has engaged incident responders and advised customers to rotate their credentials immediately.

Key Entities

  • ShinyHunters (apt_group)
  • Kelp (apt_group)
  • Data Breach (attack_type)
  • Supply Chain Attack (attack_type)
  • Aave (platform)
  • AI Office Suite (platform)
  • GitHub (platform)
  • Google Workspace (platform)
  • Context (company)
  • Rockstar Games (company)
  • Vercel (company)
  • AWS (company)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com (domain)
  • beincrypto.com (domain)
  • context.ai (domain)
  • tutamail.com (domain)
  • weex.com (domain)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1078 - Valid Accounts (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Npm (tool)