Hackers exploit Vercel’s trust in AI integration

Vercel, a frontend cloud platform, suffered a data breach after a compromised third-party AI application, Context.ai, abused OAuth to access its internal systems. The breach exposed a limited set of customer credentials, prompting Vercel to urge customers to rotate their credentials.
Vercel, the creator of Next.js and Turbo.js, has warned of a data breach after a compromised third-party AI application, Context.ai, abused OAuth to access its internal systems. A Vercel employee's Google Workspace account was taken over, exposing some environment variables not marked as 'sensitive'. The breach compromised a 'limited subset' of customers' Vercel credentials, and those customers have been asked to rotate their credentials. Vercel is working with Mandiant, cybersecurity firms, and law enforcement to investigate. The threat actor, allegedly ShinyHunters, is attempting to sell the stolen data, including access keys, source code, and private databases, for $2 million. Vercel has urged customers to review activity logs, rotate environment variables, and strengthen safeguards.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.