.webp)
Cloud platform targeted in AI cyber-attack; limited customers affected as hackers demand $2 million ransom
A serious security breach and AI cyber attack has been confirmed by Vercel, the cloud development platform used by millions of developers around the world. In a statement made via X (formerly Twitter), Vercel's CEO Guillermo Rauch said an attacker gained unauthorized access to Vercel’s internal systems through a compromised Google Workspace account owned by an employee. This allowed the attacker to access Vercel's infrastructure. The employee's account on Context.ai, a third-party AI platform, was compromised as well, giving them the foothold necessary to penetrate Vercel’s defenses.
The attackers demonstrated many sophisticated techniques and Rauch believes the attackers may have used artificial intelligence to help escalate their access throughout many of Vercel’s environments. One of the ways that the attackers were able to gain elevated access was by using a design feature in Vercel’s platform that allows developers to tag certain environment variables as "non-sensitive." By enumerating these non-sensitive environment variables, the attackers were able to gain significantly more access to Vercel's systems than they did from the first account compromise.
While the company states all environment variables for customers are fully encrypted at rest, limiting their exposure of sensitive information, several customers may have also been impacted due to the breach. The company has contacted all affected customers individually and has implemented additional security and monitoring measures across its infrastructure.
Following the breach disclosure, a threat actor using the moniker "ShinyHunters" claimed responsibility and announced plans to sell stolen data, allegedly including access keys, source code, database information and internal deployment data. The hacker demanded a $2 million ransom and provided proof by sharing 580 Vercel employee records containing names, email addresses, and account activity logs. However, individuals associated with the known ShinyHunters extortion gang have publicly denied involvement in this specific Vercel incident.
Vercel has prioritized investigation, customer communication, and security enhancement measures. The company has also analyzed its supply chain to confirm that critical open-source projects including Next.js and Turbopack remain uncompromised.
Business Honor views Vercel's security response as demonstrating enhanced threat detection and incident management capabilities.
About the Author
Rohan Pius is an experienced news writer with extensive expertise across multiple sectors. He combines sharp analytical skills with thorough research to produce clear, insightful reporting on industry trends and their economic impact.
.webp)
