Vercel Says Internal Systems Hit in Breach

Source: Hacker News

Incident Overview

Vercel, a widely used cloud platform for developing and deploying apps, has disclosed a breach of its internal systems that affected a “limited subset of customers.” The incident was discovered on Sunday, and Vercel has engaged an incident response provider to investigate.

Company Statement

“We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses,” the company said in a statement.

“At this time, we have identified a limited subset of customers that were impacted and are engaging with them directly.”

Potential Attribution

Posts online have connected the Vercel intrusion to the ShinyHunters threat group, which is known for targeting a wide range of organizations through social engineering and vulnerability exploitation. The group often makes financial demands of compromised companies and sells access to stolen data and compromised systems via online forums. See the related discussion on X: link.

Impact

Vercel has not specified which of its systems were compromised or the exact number of affected customers. The breach underscores the importance of robust security measures for cloud platforms and their users.