App host Vercel confirms security incident, says customer data was stolen in Context AI breach
Cloud application hosting giant Vercel this weekend said hackers breached internal systems and obtained customer data. Hackers say they stole sensitive customer information from Vercel’s systems and are selling the data online.
In a statement on Sunday, Vercel said the breach came from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their business account, which is hosted by Google. Hackers used that connection (known as OAuth) to take over a Vercel employee’s Google account and gain access to other internal Vercel systems, including unencrypted credentials.
Vercel says his Next.js and Turbopack projects were not affected by the breach. Both open source projects are widely used by web and app developers.
Vercel said it contacted customers whose app data and keys were compromised.
In a post on X, Vercel CEO Guillermo Rauch advised customers to turn over any keys and credentials in their use of apps marked as “unsympathetic.”
It is not clear who caused the Vercel or Context AI breach, or if they are the same hacker. A cybercriminal who claims to represent the ShinyHunters hacker group in their listings on a cybercriminal forum. The post, seen by TechCrunch, said the hackers were selling access to customer API keys, source code, and stolen database data from Vercel.
Hacker group ShinyHunters, known for hacking cloud and database companies, told cybersecurity news website Bleeping Computer that it was not involved in the incident.
While details of the hack are still emerging, the security breach is the latest in a series of “supply chain” hacks in recent months that have targeted software developers whose code is widely used across the web. By compromising software used by companies and supporting web infrastructure, cybercriminals can steal information from a wide range of targets at once and gain more access to large amounts of data stored in other major clouds.
Vercel did not say anything else about the attack, other than that he was investigating the incident and wanted answers from Context AI. Vercel said the hack could affect “hundreds of users across multiple organizations,” not just its own system, warning of a potential breach in the tech industry.
Context AI, which develops testing and analytics for AI models, confirmed on its website that it had a breach in March involving its consumer application Context AI Office Suite. The application allows users to automate actions and workflows across third-party applications in the form of an unspecified third-party service.
Context AI said it notified one customer of the breach, but based on the Vercel incident, it now believes the incident may be more widespread than first thought. Context AI said the hackers “may have compromised OAuth tokens for some of our consumer users.”
Henry Scott-Green, who founded Context AI and now works at OpenAI following the company’s hiring agreement, did not respond to a request for comment or questions about the breach. It’s unclear why Context AI didn’t disclose the breach at the time, or if the company received any demands from the hacker, such as a ransom.
OpenAI did not immediately respond to a request for comment. Vercel also did not respond to questions about the incident, such as how many of its customers may be affected.
