
"A hacker using the online moniker ShinyHunters announced on BreachForums on April 19 the sale of Vercel databases, access keys, employee accounts, and source code, offering it for $2 million."
"The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker used that access to take over the employee's Vercel Google Workspace account."
"Vercel CEO Guillermo Rauch explained in a post on X, 'Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data.'"
Vercel experienced a security breach after a hacker announced the sale of stolen data, including databases and employee accounts. The breach originated with a compromise of Context.ai, a third-party AI tool used by an employee, which allowed the attacker to take over that employee's Vercel Google Workspace account. A limited subset of customer credentials was compromised, and affected users were notified to reset their credentials. Vercel emphasized that customer environment variables are encrypted, but some were marked as 'non-sensitive', which led to further access by the attacker.
Read at SecurityWeek