Vercel, the cloud platform behind popular tools like Next.js, has revealed a security breach involving a third-party AI app. The company says an attacker used a compromised app to gain access to internal systems, raising concerns about security with AI integrations. Vercel is now working to assess the damage and protect affected customers.

How the Breach Happened

The breach started when a Vercel employee used a third-party AI application called Context.ai. This app was exploited by hackers who used OAuth permissions to access the employee’s Google Workspace account. From there, the attackers were able to retrieve some environment variables, although Vercel says those marked as “sensitive” were not accessed.

Vercel clarified that environment variables labeled as sensitive are stored securely and that there’s no evidence these were read during the breach. Still, some customer credentials were exposed, prompting the company to ask those affected to rotate their credentials. The incident impacted a limited number of customers, according to Vercel.

What the Attackers Accessed

Details about what the hackers stole are still emerging. The attackers claimed to be part of a group called Shinyhunters. Before Vercel publicly confirmed the breach, the hackers allegedly tried to sell stolen data, including access keys, source code, and private databases.

Vercel’s investigation shows that the attackers gained initial access through OAuth permissions tied to Context.ai. Once inside, they inherited the permissions granted to the app, including access to the Vercel employee’s account. It’s unclear whether Context.ai itself was compromised or if tokens were stolen from within the AI workspace, which allowed the hackers to bypass security measures.

Vercel has engaged cybersecurity firms and law enforcement to help with the investigation. The company says the attackers demonstrated a high level of sophistication and a good understanding of Vercel’s systems. They are working to understand the full scope of the breach and prevent further damage.

Steps Vercel Recommends for Customers

Vercel is urging its customers to review their activity logs carefully for any suspicious activity. They recommend rotating environment variables, especially secrets that may not have been marked as sensitive. Customers should also check recent deployments for anomalies and update their deployment security settings.

To minimize risk, Vercel advises rotating tokens and API keys associated with their accounts. They emphasize that secrets not marked as sensitive should be treated as potentially exposed and handled with priority. The company has reassured users that if they haven’t been contacted, their credentials are likely safe for now.

Moving forward, Vercel plans to strengthen its security measures, including better protections for sensitive environment variables and stricter controls on third-party app integrations. The incident highlights the importance of cautious app permissions and careful management of sensitive data in cloud environments.

Inspired by

• https://www.infoworld.com/article/4160856/hackers-exploit-vercels-trust-in-ai-integration-2.html

Sources

• vercel.com
• csoonline.com
• csoonline.com
• csoonline.com
• csoonline.com