The Economic Times daily newspaper is available online now.

    Vercel data breach: How hackers targeted the cloud company and offered its data for sale for $2 million

    Synopsis

    Cloud development platform Vercel confirmed a security breach after an employee's Google Workspace account was compromised via a third-party AI vulnerability. Attackers gained unauthorized access to internal systems, targeting non-sensitive environment variables. The data, including source code and API keys, is reportedly being sold for $2 million.

    American cloud development platform Vercel on Sunday confirmed a security breach allowing an attacker to gain unauthorised access to data for a “limited subset of customers”.

    “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement,” the company wrote in a blog post.

    What was the data breach about?

    The data breach occurred after an employee’s Google Workspace account was compromised via a vulnerability at the third-party AI platform Context.ai.

    Vercel CEO Guillermo Rauch confirmed that hackers exploited this foothold to infiltrate internal systems with “surprising speed”, suggesting the attackers likely used AI-driven tools to navigate the company's infrastructure and identify technical vulnerabilities.

    The intruders specifically targeted environment variables, focusing on those marked as ‘non-sensitive,’ a convenience feature now undergoing a rigorous security review.

    Although Vercel emphasises that sensitive data remained encrypted at rest and that the impact was limited to a small number of customers, the fallout has escalated into a high-stakes extortion attempt.

    The threat actor, identified by some as the group ShinyHunters, listed Vercel's data for sale on BreachForums for $2 million. The hackers claim to have exfiltrated source code, internal databases, and API keys.

    “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration,” CEO Rauch wrote in a post on X.

    Per The Information, last September, Vercel raised $300 million at a $9.3 billion valuation.

    How is Vercel currently tackling the breach?

    The company is prioritising investigation, customer communication, tightening security, and cleaning affected systems.

    Vercel has confirmed that core tools and projects such as Next.js and Turbopack remain secure and uncompromised.

    Vercel has partnered with Google’s Mandiant team and law enforcement to investigate the full scope of the breach.

    The company has already begun rolling out new safeguards, specifically enhancing the visibility and control of environment variables within its dashboard.

    Rauch has committed to transforming this incident into a catalyst for the 'strongest security response possible' for the platform.

    “At the moment, we believe the number of customers with security impact to be quite limited. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitisation of our environments. We’ve deployed extensive protection measures and monitoring,” Rauch added in his post.

    Further, Vercel has directly contacted affected individuals, advising them to immediately change their sensitive credentials, such as passwords and API keys, and to monitor access logs to check whether attackers have already accessed these keys and to prevent further unauthorised activity.
