Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”.
Advice for affected customers
“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” the Vercel security team explained in a post published on Sunday.
“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive.’”
Vercel CEO Guillermo Rauch explained it better: “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”
Confirmed affected customers were notified directly and advised to immediately rotate credentials and environment variables, review their account’s activity log and environments for suspicious activity, rotate Deployment Protection tokens (if used), and look for recent unexpected or suspicious looking deployments.
“Take advantage of the sensitive environment variables feature going forward, so that secret values are protected from being read in the future,” the team also counseled.
In the meantime, the company deployed additional protection measures, extended their monitoring, notified law enforcement, and called in experts to help with the investigation.
“We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community,” Rauch added.
What happened, exactly?
The investigation into the breach is ongoing, and Vercel is getting help from the Google Mandiant team and other cybersecurity firms.
They’ve already confirmed how attackers managed to gain initial access to the Vercel employee’s account.
“Our investigation has revealed that the incident originated from a small, third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations,” the Vercel security team shared, along with the unique identifier for the app in question: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
Nudge Security CTO Jaime Blasco tied this tool to Context.ai, the company behind the eponymous AI-native office suite.
“Google has deleted the account but I’m confident the third party AI tool that vercel mentioned in the blog post is context[.]ai based on a now removed chrome browser extension listing linked to an oauth grant in the same account id,” he explained. “They removed the extension from the Chrome marketplace on March 27th which is suspicious.”
It’s unlikely that Vercel is the only victim of this third-party compromise. Google Workspace Administrators and Google Account owners have been advised to check whether they are using the Chrome extension and mount an investigation on their own if they are.
“We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet,” Rauch stated.
On Sunday, Context released an advisory of their own confirming a security incident that involved unauthorized access to their AWS environment.
“Based on information provided by Vercel and some additional internal investigation, we learned that, during the incident last month, the unauthorized actor also likely compromised OAuth tokens for some of our consumer users. We also learned that the unauthorized actor appears to have used a compromised OAuth token to access Vercel’s Google Workspace,” the company stated.
“Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions. Vercel’s internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.”
Who’s behind the breach?
“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,” Rauch said today. “They moved with surprising velocity and in-depth understanding of Vercel.”
Screenshot of the BreachForums post
The Vercel compromise has been claimed by ShinyHunters – or someone who’s impersonating the infamous and prolific cybercriminal group – via a post on BreachForums, and they were apparently trying to sell the stolen information, which they say can be used to mount “the largest supply chain attack ever.”
The post has since been removed and the real ShinyHunters denied involvement in the breach.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
Click Here For The Original Source.
