VYPR · breach
Published Apr 21, 2026 · Updated May 18, 2026

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third-Party Tool

Vercel confirmed a cyber incident where a sophisticated attacker exploited a third-party tool, Context.ai, to compromise an employee's Google Workspace account and access internal environments.

Next.js developer Vercel has confirmed a cyber incident conducted by a 'highly sophisticated' attacker that may have resulted in threat actors obtaining sensitive internal data. The US firm, which provides developer tools and cloud infrastructure, said in an updated April 21 notice that the unauthorized access originated from an employee's use of a third-party tool, Context.ai.

The attacker used that access to take over the employee's Vercel Google Workspace account, enabling them to gain access to some Vercel environments and environment variables that were not marked as sensitive. Environment variables marked as 'sensitive' in Vercel are stored in a manner that prevents them from being read, and the company currently does not have evidence that those values were accessed.

Vercel claimed that the attacker was 'highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems.' However, it confirmed that none of its npm packages were compromised and there is no evidence of tampering, meaning projects like popular React framework Next.js are safe.

According to screenshots posted to X (formerly Twitter), a threat actor purporting to be part of the ShinyHunters collective is trying to extort Vercel for $2 million. They claim to have access to multiple employee accounts with access to several internal deployments, as well as API keys, npm/GitHub tokens, source code, and databases.

Vercel said it has already reached out to a limited subset of customers whose non-sensitive environment variables stored on Vercel were compromised. As it works with Mandiant to ascertain the validity of the threat actor's claims, Vercel has issued advice for customers: enable multi-factor authentication (MFA) via authenticator app or passkey; review and rotate environment variables not marked as 'sensitive' (including API keys, tokens, database credentials, and signing keys); use the sensitive environment variables feature to protect secret values; review activity logs for suspicious activity; investigate suspicious or unexpected recent deployments; ensure deployment protection is set to standard at a minimum; and rotate deployment protection tokens.
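The rotation step above is the one most customers will need to work through by hand, so here is an added triage script (not Vercel's code and not part of the original article) that sorts a project's environment variables into "already protected", "rotate now" and "review". It assumes an export in which each entry carries a `key` and a `type` field, with `type == "sensitive"` marking values Vercel stores unreadably; the name-based heuristic for spotting credential-like variables is the author's own, and the sample export is constructed.

```python
"""Post-incident triage of environment variables: which ones need rotation?

Assumed export shape (not verified against Vercel's API): a JSON object with an
"envs" list, each entry having "key", "type" and "target". Entries whose type is
"sensitive" are treated as unreadable and therefore not exposed.
"""
import json
import re

# Constructed sample export; not real project data.
SAMPLE_EXPORT = json.dumps({
    "envs": [
        {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
        {"key": "STRIPE_API_KEY", "type": "sensitive", "target": ["production"]},
        {"key": "NEXT_PUBLIC_APP_NAME", "type": "plain", "target": ["production", "preview"]},
        {"key": "GITHUB_TOKEN", "type": "encrypted", "target": ["preview"]},
        {"key": "JWT_SIGNING_KEY", "type": "plain", "target": ["production"]},
        {"key": "LOG_LEVEL", "type": "plain", "target": ["development"]},
        {"key": "db_password", "type": "encrypted", "target": ["production"]},
        {"type": "plain"},  # malformed entry without a key: skipped
    ]
})

# Heuristic: variable names that usually hold credentials, matched case-insensitively.
# Mirrors the categories named in the advisory (API keys, tokens, DB creds, signing keys).
SECRET_NAME_PATTERN = re.compile(
    r"(API_?KEY|TOKEN|SECRET|PASSWORD|PASSWD|DATABASE_URL|SIGNING|PRIVATE_KEY)",
    re.IGNORECASE,
)


def triage_env_vars(export_json: str) -> dict:
    """Return sorted variable names in three buckets.

    protected: marked sensitive, stored unreadably, so not exposed by a read.
    rotate:    not marked sensitive and named like a credential; rotate first.
    review:    not marked sensitive but not obviously a secret; confirm by hand.
    """
    buckets = {"protected": [], "rotate": [], "review": []}
    for entry in json.loads(export_json).get("envs", []):
        key = entry.get("key")
        if not key:
            continue  # nothing to act on without a name
        if entry.get("type") == "sensitive":
            buckets["protected"].append(key)
        elif SECRET_NAME_PATTERN.search(key):
            buckets["rotate"].append(key)
        else:
            buckets["review"].append(key)
    return {name: sorted(keys) for name, keys in buckets.items()}


def format_report(buckets: dict) -> str:
    """Render the triage as plain text, one action per bucket."""
    actions = {
        "rotate": "ROTATE NOW and re-save as sensitive",
        "review": "REVIEW: confirm not a secret, else rotate",
        "protected": "OK: stored as sensitive",
    }
    lines = []
    for name in ("rotate", "review", "protected"):
        for key in buckets[name]:
            lines.append(f"{actions[name]:<45} {key}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage_env_vars(SAMPLE_EXPORT)))
```

Anything that lands in the `rotate` bucket should be rotated at the issuing service first (the old value is the one that may have been read), then re-saved in Vercel as a sensitive variable so a future read of the project's configuration does not expose the replacement.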

Cory Michal, CISO at AppOmni, traced the breach back to the OAuth access Context.ai provided to the Vercel employee's Google Workspace account. 'Once a user authorizes one app, that trust can extend into email, identity, CRM, development, and other systems in ways many organizations do not fully inventory or monitor, which makes a single compromised integration a powerful pivot point,' he added. 'The key lesson is that third-party risk management cannot stop at reviewing a vendor's SOC 2 report or penetration test results. Organizations need continuous visibility into how third-party applications are actually connected across their SaaS estate, what OAuth grants and integration tokens they hold, and how those relationships could be abused if one provider is compromised.'

Synthesized by Vypr AI