1 hour ago
4
ARTICLE AD BOX
Cloud development platform Vercel has confirmed a security breach incident involving unauthorised access to its internal systems. For those unaware, Vercel is a premier cloud platform for frontend developers, specializing in hosting websites and web applications.
The billion-dollar company has published a Security Bulletin, confirming the incident. “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems,” Vercel said. “We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses”.
Vercel reveals Context.ai, a third-party AI tool used to compromise security
In the bulletin, the cloud platform firm said that the security incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker, it said, used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as “sensitive.”“Environment variables marked as "sensitive" in Vercel are stored in a manner that prevents them from being read, and we currently do not have evidence that those values were accessed,” the company revealed.
Vercel stated that it is working with Mandiant, additional cybersecurity firms, industry peers, and law enforcement. “We have also engaged Context.ai directly to understand the full scope of the underlying compromise,” the company said.
Who is impacted by Vercel data breach
In its bulletin, Vercel said that it has identified a limited subset of customers whose Vercel credentials were compromised. The company has reached out to that subset and recommended an immediate rotation of credentials.“If you have not been contacted, we do not have reason to believe that your Vercel credentials or personal data have been compromised at this time,” it clarified. “We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise. We’ve deployed extensive protection measures and monitoring. Our services remain operational,” the company assured.
What should impacted customers do
Vercel recommends impacted users to:
- Review the activity log for your account and environments for suspicious activity. You can review activity logs in the dashboard or via the CLI.
- Review and rotate environment variables. If any of your environment variables contain secrets (API keys, tokens, database credentials, signing keys) that were not marked as sensitive, those values should be treated as potentially exposed and rotated as a priority.
- Take advantage of the sensitive environment variables feature going forward, so that secret values are protected from being read in the future.
- Investigate recent deployments for unexpected or suspicious looking deployments. If in doubt, delete any deployments in question.
- Ensure that Deployment Protection is set to Standard at a minimum.
- Rotate your Deployment Protection tokens, if set.
English (US) ·