Vercel, a cloud hosting provider popular among crypto projects, has confirmed that it suffered a security breach that allowed hackers to make off with a “limited” subset of customer credentials.
Vercel said in a blog post on Sunday that it “identified a security incident that involved unauthorized access to certain internal Vercel systems” and was investigating the breach.
“Initially we identified a limited subset of customers whose Vercel credentials were compromised,” it added. “We reached out to that subset and recommended an immediate rotation of credentials.”
Vercel’s confirmation came after multiple X users reported that a post on the hacking forum BreachForums by a user called “ShinyHunters” claimed to be offering Vercel’s data in exchange for $2 million.
The poster claimed to have access keys, source code, database information and employee accounts with access to internal deployments, which they said could be used for a “global supply chain attack.”
Vercel did not address the post’s claims, but said the attacker was “highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems.”
Third-party AI tool compromised to carry out hack
Vercel CEO Guillermo Rauch said on Sunday that the attack originated after a Vercel employee was compromised via a breach of an artificial intelligence tool they used called Context.ai.
The attacker was then able to compromise the Vercel employee’s Google Workspace account, allowing them access to some of Vercel’s internal systems.
Rauch said the company stores customer environments with full encryption, but it has the capability to designate variables as “non-sensitive,” and the attacker “got further access through their enumeration.”
Related: Aave's TVL tanks $8B a day after $293M Kelp DAO hack
“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,” he added. “They moved with surprising velocity and in-depth understanding of Vercel.”
Rauch said that Vercel had “deployed extensive protection measures and monitoring” and it had analyzed its supply chain to ensure “Next.js, Turbopack, and our many open source projects remain safe for our community.”
“My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature,” he added.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
