Concise Cyber

Vercel Confirms Hack After OAuth Compromise at Context AI Exposed Customer Data

Cloud app hosting company Vercel says it suffered a security incident that exposed customer data after attackers used an OAuth connection tied to a Context AI app to access internal systems. The company said the breach led to the theft of data and credentials, and it has begun notifying affected customers.

How the breach happened

According to Vercel, the incident began when one of its employees downloaded an app made by Context AI and connected it to a corporate Google account. That connection, made through OAuth, allowed attackers to take over the employee’s Google account and move into some of Vercel’s internal systems.

Vercel said the attackers accessed credentials that were not encrypted. The company has not said how many customers were affected, but it warned that the incident may have reached “hundreds of users across many organizations.”

What data may have been exposed

A threat actor claimed on a cybercriminal forum to be selling data taken from Vercel, including customer API keys, source code, and database data. The actor also claimed to be acting on behalf of the ShinyHunters hacking group, though the group told Bleeping Computer that it was not involved.

Vercel said it had contacted customers whose app data and keys were compromised. Chief executive Guillermo Rauch also advised customers on X to rotate any keys and credentials in app deployments labeled as “non-sensitive.”

  • Customer API keys
  • Source code
  • Database data
  • Unencrypted credentials

Vercel says its core projects were not affected

The company said its Next.js and Turbopack projects were not affected by the breach. Both are widely used open source projects for web and app development.

Vercel also said it has not received any communication from the threat actor, such as a ransom demand, and that it is investigating the incident while seeking answers from Context AI.

Context AI says its earlier breach may be broader

Context AI confirmed on its website that it had a breach in March involving its Context AI Office Suite consumer app. The app lets users automate actions and workflows across third-party applications through an unnamed third-party service.

Context AI said it notified one customer at the time, but now believes the issue may have been broader than first understood. It said the hackers likely compromised OAuth tokens for some consumer users.

Context AI did not respond to requests for comment.

A broader supply chain risk

The incident fits a pattern of supply chain attacks targeting software and services used by many organizations. By compromising a widely used tool or integration, attackers can potentially reach multiple companies and services through a single point of access.

Vercel’s disclosure suggests the impact may extend beyond its own environment, affecting customers across the tech industry.

Vercel says the investigation is ongoing. For now, the company is urging customers to review and rotate credentials where appropriate.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person’s work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections or concerns, or wish to point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
