Vercel has confirmed a cyber incident involving what it described as a highly sophisticated attacker, saying unauthorized access began through an employee’s use of the third-party tool Context.ai and may have exposed some internal data and certain environment variables stored on the company’s systems.
In an updated notice dated April 21, the US firm said the attacker used that access to take over the employee’s Vercel Google Workspace account. That in turn enabled access to some Vercel environments and to environment variables that were not marked as sensitive. Vercel said environment variables designated as sensitive are stored in a way that prevents them from being read, and that it has no evidence those values were accessed.
Attack Traced to Third-Party OAuth Access
Cory Michal, chief information security officer at AppOmni, said the breach was traced back to the OAuth access Context.ai had been granted to the employee’s Google Workspace account. He said that once a user authorizes one app, that trust can extend into email, identity, CRM, development and other systems in ways many organizations do not fully inventory or monitor, making a single compromised integration a powerful pivot point.
He said the lesson for organizations is that third-party risk management cannot stop at reviewing a vendor’s SOC 2 report or penetration test results. Instead, he said, companies need continuous visibility into how third-party applications are connected across their SaaS estate, what OAuth grants and integration tokens they hold, and how those relationships could be abused if one provider is compromised.
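The kind of inventory Michal describes can be automated. The script below is an added example, not code from Vercel, AppOmni or this article: it scores the OAuth grants on one user's Google Workspace account and flags the ones that deserve review. It assumes records shaped like the Admin SDK Directory API users.tokens.list response (fields clientId, displayText, scopes, anonymous), the sample records and the list of high-risk scopes are constructed for illustration, and the scoring weights are the author's own choice, not a Google or Vercel rule.

```python
"""Flag risky third-party OAuth grants on a Google Workspace user.

Added example (assumption: records look like Directory API
users.tokens.list items). The sample data below is constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Scopes that let an app read mail, read Drive, or administer the directory.
# Membership here is a judgement call (assumption), not an official list.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
    "https://www.googleapis.com/auth/admin.directory.user": "directory admin",
}

# Constructed sample: three grants as tokens.list might return them.
SAMPLE_TOKENS = json.loads("""
{"items": [
  {"clientId": "1111.apps.googleusercontent.com", "displayText": "Calendar Sync",
   "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
   "anonymous": false, "nativeApp": false},
  {"clientId": "2222.apps.googleusercontent.com", "displayText": "Meeting Notetaker",
   "scopes": ["https://www.googleapis.com/auth/gmail.readonly",
              "https://www.googleapis.com/auth/drive.readonly",
              "https://www.googleapis.com/auth/userinfo.email"],
   "anonymous": false, "nativeApp": false},
  {"clientId": "3333.apps.googleusercontent.com", "displayText": "",
   "scopes": ["https://mail.google.com/"],
   "anonymous": true, "nativeApp": true}
]}
""")


@dataclass
class Finding:
    client_id: str
    app: str
    reasons: list[str]
    score: int


def assess_grant(item: dict, approved: frozenset[str] = frozenset()) -> Finding | None:
    """Return a Finding if this grant needs review, else None.

    `approved` holds client IDs the organisation has consciously accepted;
    those are skipped so the report only shows unreviewed trust.
    """
    client_id = item.get("clientId", "")
    if client_id in approved:
        return None
    reasons: list[str] = []
    score = 0
    for scope in item.get("scopes", []):
        if scope in HIGH_RISK_SCOPES:
            reasons.append(f"{HIGH_RISK_SCOPES[scope]} ({scope})")
            score += 2  # each high-risk scope is a pivot into another system
    if item.get("anonymous"):
        reasons.append("app is unverified (anonymous)")
        score += 1
    if not reasons:
        return None
    return Finding(client_id, item.get("displayText") or "<unnamed>", reasons, score)


def audit_user_tokens(tokens: dict, approved: frozenset[str] = frozenset()) -> list[Finding]:
    """Score every grant in a tokens.list response, riskiest first."""
    findings = [f for f in (assess_grant(i, approved) for i in tokens.get("items", [])) if f]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in audit_user_tokens(SAMPLE_TOKENS):
        print(f"{f.score:2d}  {f.app:<18} {f.client_id}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against every user in the tenant and diff the output daily; a grant that appears between two runs with a mail or Drive scope is exactly the "single compromised integration" pivot the article warns about, and it should go through the same review a new vendor would.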
Vercel Says Core Packages Remain Safe
Vercel said the attacker appeared highly sophisticated based on operational speed and a detailed understanding of the company’s systems. At the same time, it said none of its npm packages were compromised and there is no evidence of tampering, meaning projects such as Next.js remain safe.
The company also said it had already contacted a limited subset of customers whose non-sensitive environment variables stored on Vercel were compromised. Screenshots posted to X by a threat actor claiming to be part of the ShinyHunters collective showed an attempt to extort Vercel for $2 million. The actor claimed to have access to multiple employee accounts with access to several internal deployments, along with API keys, npm and GitHub tokens, source code and databases.
Customers Urged to Tighten Security Controls
As Vercel works with Mandiant to assess the validity of the attacker’s claims, it has issued a set of recommendations to customers. Those include enabling multi-factor authentication through an authenticator app or passkey, reviewing and rotating environment variables not marked as sensitive, and using the sensitive environment variables feature to protect secret values.
The company also advised customers to review activity logs for suspicious behavior, investigate recent unexpected deployments, ensure deployment protection is set to at least standard, and rotate deployment protection tokens. The incident has also sharpened broader concerns over third-party application access, with security experts warning that a compromised integration can open pathways across a company’s wider software environment if permissions and token relationships are not continuously monitored.
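The review of non-sensitive environment variables that Vercel recommends is a mechanical check. The script below is an added example, not Vercel's own tooling: it walks a project's environment-variable listing and reports every variable that is named like a credential but is still readable (not stored as the sensitive type), plus any browser-exposed variable that should never have held a secret. It assumes records shaped like the Vercel REST API project environment listing (fields key, type, target) with type being one of plain, encrypted, sensitive or system; the records and the secret-name heuristic are constructed for illustration.

```python
"""Report Vercel environment variables that should be rotated and re-added
as sensitive. Added example (assumption: records mirror the Vercel API's
project env listing). SAMPLE_ENVS is constructed, not a real project.
"""
from __future__ import annotations

import json
import re

# Key names that usually carry credentials. Heuristic (assumption), so the
# output is a review list, not a verdict.
SECRET_NAME = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|API_KEY|DATABASE_URL|DSN)", re.I
)

# Prefixes that frameworks inline into the client bundle; anything under them
# is public by design and can never be protected by the sensitive type.
PUBLIC_PREFIXES = ("NEXT_PUBLIC_", "VITE_", "REACT_APP_")

SAMPLE_ENVS = json.loads("""
{"envs": [
  {"key": "DATABASE_URL", "type": "encrypted", "target": ["production", "preview"]},
  {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
  {"key": "NEXT_PUBLIC_API_URL", "type": "plain", "target": ["production", "preview", "development"]},
  {"key": "NEXT_PUBLIC_ANALYTICS_TOKEN", "type": "plain", "target": ["production"]},
  {"key": "GITHUB_TOKEN", "type": "encrypted", "target": ["preview"]},
  {"key": "VERCEL_ENV", "type": "system", "target": ["production"]}
]}
""")


def classify(env: dict) -> str | None:
    """Return the action for one variable, or None if it needs nothing."""
    key, kind = env["key"], env["type"]
    if kind in ("sensitive", "system"):
        return None  # already write-only, or provided by the platform
    if key.startswith(PUBLIC_PREFIXES):
        if SECRET_NAME.search(key):
            return "public-prefixed variable named like a secret: remove it and rotate the value"
        return None  # public config such as a URL is fine in the clear
    if SECRET_NAME.search(key):
        # "encrypted" only protects storage at rest; the dashboard and API can
        # still return the value, so it must be treated as exposed.
        return "readable secret: rotate it and re-add as sensitive"
    return None


def audit_envs(listing: dict) -> list[tuple[str, list[str], str]]:
    """Return (key, targets, action) for every variable needing attention,
    production-targeted variables first."""
    out = []
    for env in listing.get("envs", []):
        action = classify(env)
        if action:
            out.append((env["key"], list(env.get("target", [])), action))
    return sorted(out, key=lambda row: "production" not in row[1])


if __name__ == "__main__":
    for key, targets, action in audit_envs(SAMPLE_ENVS):
        print(f"{key:<30} {','.join(targets):<30} {action}")
```

Rotation order matters: issue the new credential at the provider first, add it to Vercel as sensitive, redeploy, and only then revoke the old value, so the attacker's copy stops working without an outage.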