Next.js Creator Vercel Hit by Security Breach
A Security Breach Hits Vercel
Vercel, the company behind the popular Next.js framework for building web applications and the operator of a frontend cloud platform, has confirmed a security breach after a hacker publicly offered to sell data allegedly stolen from the company’s systems.
The Incident Explained
A third-party AI tool called Context.ai was compromised by an attacker, allowing them to take control of a Vercel employee’s Google Workspace account. This granted access to sensitive environment variables that were not properly designated as secure.
“The company stores all customer environment variables fully encrypted at rest,” said Vercel CEO Guillermo Rauch. “Unfortunately, the attacker was able to exploit a weakness in the system and obtain access to sensitive information.”
Investigation Continues
The BreachForums post offering the Vercel data has been removed, and the ShinyHunters group, which initially claimed responsibility for the attack, has denied involvement. The exact circumstances surrounding the hack remain unclear, and Vercel has promised to provide further updates as its investigation continues.
