Vercel has announced that attackers gained access to internal systems. The attack began at Context.ai, an AI tool used by a Vercel employee. Through that entry point, the attackers took over that employee’s Google Workspace account and were thus able to access certain Vercel environments.
The cloud platform for web development reported the incident on Sunday. The attack began with a compromise of Context.ai, after which the attackers used that access to take over a Vercel employee’s Google Workspace account. From that account, they gained access to Vercel environments and to environment variables that were not marked as “sensitive.” Variables that are marked as “sensitive” are stored in encrypted form and cannot be read back.
Vercel currently states it has no evidence that those values were accessed. Only a limited number of customers were affected; they have already been contacted so they could rotate their credentials. According to Vercel, anyone who has not received a notification has no reason to believe that login credentials or personal data have been compromised.
Highly skilled attacker, professional response
Vercel describes the attacker as “highly sophisticated,” based on the speed of the operation and the detailed knowledge of Vercel systems the attacker demonstrated. The company is collaborating with Mandiant and other cybersecurity firms, industry peers, and law enforcement agencies. Context.ai has been directly contacted to investigate the full scope of the initial breach.
Initial investigations have already revealed that Context.ai’s OAuth app for Google Workspace was the point of entry. Vercel published an Indicator of Compromise (IOC) so that Google Workspace administrators can check whether this app is active in their environment. The OAuth app may affect hundreds of users across multiple organizations, meaning the incident extends beyond Vercel alone.
Recommendations and ongoing investigation
Vercel advises customers to check logs for suspicious activity. Additionally, all environment variables not marked as “sensitive” should be rotated. This is especially true if they contain API keys, tokens, database credentials, or signing keys. The company also recommends monitoring recent deployments for unexpected activity and setting Deployment Protection to at least “Standard.”
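To turn the rotation advice above into a repeatable check, here is an added example (not Vercel’s own tooling) that triages an environment-variable export into three buckets: readable variables that look like credentials and must be rotated, readable non-secrets to review, and “sensitive” variables that are stored encrypted and not readable. The export shape, the field names (key, value, type, target) and the type values are assumptions, and every value in the sample is a constructed placeholder.

```python
import json
import re

# Constructed sample in the assumed shape of a project env-var export:
# a list of objects with "key", "value", "type" and "target".
# All values are fake placeholders, not real credentials.
SAMPLE_ENV_EXPORT = json.dumps([
    {"key": "NEXT_PUBLIC_SITE_NAME", "value": "Example Shop", "type": "plain", "target": ["production"]},
    {"key": "STRIPE_SECRET_KEY", "value": "sk_live_EXAMPLE000000", "type": "encrypted", "target": ["production"]},
    {"key": "DATABASE_URL", "value": "postgres://app:pw@db.example.internal/app", "type": "encrypted", "target": ["production", "preview"]},
    {"key": "JWT_SIGNING_KEY", "value": "EXAMPLEsigningkey", "type": "sensitive", "target": ["production"]},
    {"key": "GITHUB_TOKEN", "value": "ghp_EXAMPLE0000000000", "type": "plain", "target": ["preview"]},
    {"key": "FEATURE_FLAG_BETA", "value": "true", "type": "plain", "target": ["preview"]},
])

# Key names that usually hold credentials: API keys, tokens, database
# credentials and signing keys are the rotation priorities named above.
SECRET_NAME_RE = re.compile(
    r"(API[_-]?KEY|TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE[_-]?KEY|SIGNING|DATABASE_URL|DSN|CREDENTIAL)",
    re.I,
)
# Value shapes that look like credentials even when the key name is bland
# (common key prefixes, a JWT header, or user:password embedded in a URL).
SECRET_VALUE_RE = re.compile(r"^(sk_live_|ghp_|AKIA|xox[bp]-|eyJ)|://[^/]+:[^@/]+@")


def triage_env_vars(export_json: str) -> dict:
    """Classify each variable. Assumption: type "sensitive" is write-only and
    encrypted; every other type ("plain", "encrypted") is readable and so must
    be treated as exposed if the account that could read it was compromised."""
    rotate, review, protected = [], [], []
    for var in json.loads(export_json):
        name, value = var["key"], str(var.get("value", ""))
        if var.get("type") == "sensitive":
            protected.append(name)
        elif SECRET_NAME_RE.search(name) or SECRET_VALUE_RE.search(value):
            rotate.append(name)
        else:
            review.append(name)
    return {"rotate": rotate, "review": review, "protected": protected}


if __name__ == "__main__":
    for bucket, names in triage_env_vars(SAMPLE_ENV_EXPORT).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The “review” bucket is not automatically safe: a readable non-secret can still be something an attacker would alter (for example a webhook or callback URL), so it should be eyeballed rather than dismissed.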
The investigation into possible data exfiltration is still ongoing. External sources report that alleged Vercel data is being offered on BreachForums for two million dollars, but Vercel has not confirmed this. Vercel’s services remained operational throughout the incident.