Vercel, the cloud platform behind the widely used Next.js web framework, has acknowledged a security breach after an attacker compromised a third-party AI tool called Context.ai and used it to gain access to a Vercel employee’s enterprise Google Workspace account.
The breach exposed non-sensitive environment variables, and a threat actor operating under the ShinyHunters name has claimed responsibility, reportedly seeking $2 million for the stolen data. Vercel said it has engaged Google-owned incident response firm Mandiant, notified law enforcement, and contacted a limited subset of affected customers directly.
Article continues below
Cybersecurity firm Hudson Rock claims to have traced Context.ai’s own compromise back further to an employee infected by Lumma Stealer malware after downloading Roblox game exploit scripts in February. The stolen credentials reportedly included Google Workspace logins along with keys for Supabase, Datadog, and Authkit, Hudson Rock reported, but Vercel hadn’t independently confirmed this at the time of writing.
Vercel has since rolled out new dashboard features, including an overview page for environment variables and an improved interface for managing sensitive variable settings. CEO Guillermo Rauch said on X that the company had analyzed its supply chain and confirmed that Next.js, Turbopack, and its other open source projects weren’t affected.
Follow Tom’s Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
