
Hackers exploit Vercel’s trust in AI integration

Front-end cloud platform Vercel, creator of Next.js and Turbo.js, has warned of a data breach after a vulnerable third-party AI app abused OAuth to access its internal systems.

A Vercel employee used a third-party app, identified as Context.ai, that allowed attackers to take control of their Google Workspace account and, from there, to read environment variables that the company said were not marked as “sensitive.”

“Environment variables marked as ‘sensitive’ in Vercel are stored in a way that prevents them from being read, and we currently have no evidence that those values have been accessed,” Vercel said in a security post.

The incident exposed data belonging to what the company described as a “limited set” of customers. Those customers have now been contacted with requests to change their information, Vercel said.

According to online reports, a threat actor claiming to belong to ShinyHunters started trying to sell the stolen data, which allegedly included access keys, source code, and a private database, even before Vercel publicly confirmed the breach.

Initial access vector

Vercel’s disclosure confirmed that the initial access vector was the Google Workspace OAuth grant connected to Context.ai. Once the application was compromised, the attackers inherited the permissions granted to it, including access to the Vercel employee’s account.

It is unclear whether Context.ai’s infrastructure was compromised, whether OAuth tokens were stolen, or whether a session or token leak within the AI workspace enabled attackers to abuse the authorized access to Vercel’s systems. Context.ai did not immediately respond to CSO’s request for comment.

“We engaged with Context.ai directly to understand the full scope of the underlying compromise,” Vercel said in a post. “We assess the attacker as highly sophisticated based on the speed of operation and detailed understanding of Vercel’s systems. We are working with Mandiant, additional cybersecurity firms, industry peers, and law enforcement.”

Vercel has urged its customers to review activity logs for suspicious behavior and to rotate environment variables, especially any unprotected secrets that may have been exposed. It also recommended enabling the platform’s critical protections, checking recent deployments for anomalies, and hardening defenses by updating deployment protection settings and rotating associated tokens where needed.

Secrets such as API keys, tokens, database credentials, and signing keys that were not marked as “sensitive” should be treated as potentially exposed and rotated, Vercel emphasized.
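The triage Vercel describes, applied to an inventory of a project’s environment variables, as an added example that is not Vercel’s own tooling. The record shape (`key`, `sensitive`, `value`, `target`) and all values are constructed for this example and are not Vercel’s API schema; a variable stored with the sensitive flag is reported as protected, everything else is inspected by name and by value shape.

```python
import re
from dataclasses import dataclass

# Constructed sample inventory; field names are an assumption, values are made up.
SAMPLE_EXPORT = [
    {"key": "NEXT_PUBLIC_API_BASE", "sensitive": False, "value": "https://api.example.com", "target": ["production"]},
    {"key": "STRIPE_SECRET_KEY", "sensitive": False, "value": "sk_live_constructed000000", "target": ["production"]},
    {"key": "DATABASE_URL", "sensitive": False, "value": "postgres://app:constructedpw@db.internal:5432/app", "target": ["production", "preview"]},
    {"key": "JWT_SIGNING_KEY", "sensitive": True, "value": None, "target": ["production"]},
    {"key": "FEATURE_FLAGS", "sensitive": False, "value": "beta,search", "target": ["development"]},
    {"key": "SERVICE_ACCOUNT", "sensitive": False, "value": "-----BEGIN PRIVATE KEY-----\nMIIconstructed\n-----END PRIVATE KEY-----", "target": ["preview"]},
]

# Names that conventionally hold credentials.
SECRET_NAME = re.compile(r"API_?KEY|TOKEN|SECRET|PASSW|PRIVATE_KEY|SIGNING|CREDENTIAL|DATABASE_URL|DSN", re.I)
# Value shapes that reveal a credential even when the name is bland.
SECRET_VALUE = [
    ("connection string with embedded password", re.compile(r"^[a-z+]+://[^:/@]+:[^@]+@")),
    ("PEM private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("vendor-prefixed API token", re.compile(r"^(sk|pk)_(live|test)_|^ghp_|^xox[abp]-")),
]

@dataclass
class Finding:
    key: str
    targets: list
    reasons: list

def triage(records: list) -> dict:
    """Sort variables into rotate / protected / public buckets with the reason for each."""
    buckets = {"rotate": [], "protected": [], "public": []}
    for env in records:
        f = Finding(env["key"], env.get("target", []), [])
        if env.get("sensitive"):
            # Stored so the value cannot be read back; not treated as exposed.
            f.reasons.append("sensitive flag set; value not readable through the account")
            buckets["protected"].append(f)
            continue
        if SECRET_NAME.search(env["key"]):
            f.reasons.append("name suggests a credential")
        for label, pattern in SECRET_VALUE:
            if env.get("value") and pattern.search(env["value"]):
                f.reasons.append(label)
        buckets["rotate" if f.reasons else "public"].append(f)
    return buckets

def rotation_list(records: list) -> list:
    """Keys that should be rotated, in a stable order."""
    return sorted(f.key for f in triage(records)["rotate"])

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_EXPORT).items():
        for f in items:
            print(f"{bucket:9} {f.key} ({', '.join(f.targets)}): {'; '.join(f.reasons) or 'no secret indicators'}")
```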

For worried users, Vercel offered some reassurance. “If you have not been contacted, we have no reason to believe that your Vercel information or personal data has been compromised at this time,” the post confirmed.

ShinyHunters suspected of the breach

According to screenshots circulating online, the threat actor has already claimed the breach on the dark web and is trying to sell the stolen data. “Hello everyone, Today I am selling Access Key/ Source Code/ Database from Vercel company,” said the actor in one of the posts. “Give me a quote if you’re interested. This could be the biggest attack of all if done right.”

The asking price was set at $2 million on April 19.

The threat actor can be seen using the “BreachForums” domain in the screenshot, a forum that, not coincidentally, counts ShinyHunters among its operators. The post also lists a messaging handle, “@Shinyc0rpsss,” and an email address, “shinysevy@tutamail.com,” as contact points.

While recent events have shown that ShinyHunters has resurfaced after takedowns and alleged arrests, it is still possible that this is a scammer using the name to lend credibility, something that has happened before.
