Cloud platform Vercel suffered a breach traced to a compromised third-party AI tool, Context.ai, which allowed attackers to access an employee’s Google Workspace account and some environment variables that were not marked as sensitive. Vercel is investigating with Mandiant and law enforcement, has warned affected customers to rotate credentials, and cautioned that deleting projects or accounts does not remove all risk.
Key points
- Attack traced to a compromised third-party AI tool, Context.ai, installed on an employee’s device.
- Attacker took over the employee’s Vercel Google Workspace account and accessed some environment variables not marked as sensitive.
- Vercel engaged Mandiant and law enforcement and instructed affected customers to immediately rotate credentials and secrets.
- Investigations link the breach to an infostealer infection on a Context.ai employee’s device and to prior unauthorized access to Context.ai’s AWS environment.
- Hackers demanded a $2 million ransom and claimed ties to ShinyHunters, a group that has denied involvement.
Read More: https://therecord.media/cloud-platform-vercel-says-company-breached-through-ai-tool