Vercel has reported a security incident that allowed unauthorized access to some of its internal systems. The company said it is investigating the issue and has brought in security experts. It has also informed law enforcement.
The company said only a small number of customers were affected. These users had their credentials compromised, and Vercel has already contacted them. It has asked them to rotate their credentials immediately.
For other users, Vercel said there is no sign of compromise at this time. Its services are still running normally. The company is still checking if any data was taken and will inform users if it finds anything.
Vercel said the attack started from Context.ai, a third-party AI tool used by one of its employees. The attacker used this access to take control of the employee’s Google Workspace account.
With this access, the attacker was able to enter some Vercel systems and view certain environment variables. However, Vercel said that variables marked as “sensitive” are protected and cannot be read. So far, there is no proof that sensitive data was accessed.
The company said the attacker was highly skilled and understood its systems well.
Vercel is working with Mandiant and other security teams to investigate the issue. It is also in touch with Context.ai to understand how the breach happened. The company has also added more monitoring and security measures to prevent further problems.
Vercel has shared some basic steps for users. It is asking users to check their account activity for anything unusual. Users should also rotate environment variables, especially if they include API keys or other secrets that were not marked as sensitive.
It also suggests checking recent deployments and deleting anything suspicious. Users should enable protection features and rotate protection tokens if they use them.
The company has also asked Google Workspace admins and users to check if this app is present in their accounts and take action if needed.
