Attack on Next.js maker Vercel: customer data exfiltrated

Vercel's internal systems and customer data were compromised in a security incident. An external AI tool served as the entry point.


The software company Vercel has announced that it is currently investigating a security incident. An attacker gained unauthorized access to internal systems and Vercel customer data. According to the company, the incident originated with a Vercel employee who used the AI tool Context.ai. The attacker gained access to Vercel environments through that employee's Vercel Google Workspace account.

Guillermo Rauch, CEO and founder of Vercel, posted news about the attack on X. According to him, it appears to be a “very sophisticated attacker group” that, in his opinion, uses artificial intelligence and acted “with surprising speed and in-depth understanding of Vercel.”


Next.js, Turbopack, and other open-source projects of the company are not affected, according to Rauch: “We have analyzed our supply chain and ensured that Next.js, Turbopack, and our many open-source projects remain safe for the community.”

According to the relevant Vercel security bulletin entry, a limited number of Vercel customers are affected by the attack. They have already been informed and asked to rotate their credentials immediately.

Vercel has also published an indicator of compromise (IOC). The attack originated from a Google Workspace OAuth app. Google Workspace admins and Google account owners should therefore immediately check whether this app is in use:

  • 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
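
One way to run that check against an exported OAuth token audit log, as an added example that is not from the article or from Vercel. It assumes the JSON shape of an Admin SDK Reports API token-activity export (`authorize` and `revoke` events carrying `client_id` and `scope` parameters); the helper `_event`, the users and the timestamps are constructed for illustration.

```python
import json

# IOC from the article: OAuth client ID published by Vercel.
IOC_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _event(time, email, name, client_id, scopes):
    # Builds one record in the ASSUMED token-audit export shape.
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample (invented users and times), newest first.
SAMPLE_EXPORT = json.dumps({"items": [
    _event("2026-01-03T09:00:00Z", "bob@example.com", "revoke", IOC_CLIENT_ID, []),
    _event("2026-01-02T10:00:00Z", "carol@example.com", "authorize",
           "000000000000-constructed.apps.googleusercontent.com", ["openid"]),
    _event("2026-01-02T08:00:00Z", "alice@example.com", "authorize", IOC_CLIENT_ID,
           ["https://www.googleapis.com/auth/drive.readonly"]),
    _event("2026-01-01T08:00:00Z", "bob@example.com", "authorize", IOC_CLIENT_ID,
           ["https://www.googleapis.com/auth/userinfo.email"]),
]})

def find_ioc_grants(export_json, client_id=IOC_CLIENT_ID):
    """Map each user who touched the IOC app to grant state and scopes."""
    hits = {}
    items = json.loads(export_json).get("items", [])
    # Oldest first, so a later revoke overrides an earlier authorize.
    for item in sorted(items, key=lambda i: i["id"]["time"]):
        user = item.get("actor", {}).get("email", "<unknown>")
        for ev in item.get("events", []):
            params = {p["name"]: p.get("value", p.get("multiValue"))
                      for p in ev.get("parameters", [])}
            if params.get("client_id") != client_id:
                continue
            rec = hits.setdefault(user, {"active": False, "scopes": set()})
            if ev.get("name") == "authorize":
                scopes = params.get("scope") or []
                rec["active"] = True
                rec["scopes"].update([scopes] if isinstance(scopes, str) else scopes)
            elif ev.get("name") == "revoke":
                rec["active"] = False
    return hits

if __name__ == "__main__":
    for user, rec in find_ioc_grants(SAMPLE_EXPORT).items():
        state = "ACTIVE, revoke and rotate" if rec["active"] else "revoked"
        print(f"{user}: {state}; scopes={sorted(rec['scopes'])}")
```

A user reported as revoked still granted the app access at some point, so the scopes recorded for that user show what data was reachable while the grant was live.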


As The Hacker News reports, attackers under the name ShinyHunters are claiming responsibility for this incident and, according to screenshots on X, are apparently offering stolen data for two million US dollars. The ShinyHunters group recently also published data from a cyberattack on Rockstar Games. The company has not yet confirmed whether the group is actually responsible for the attack on Vercel.

Vercel is still actively investigating the attack and has involved incident response experts -- including Google's cybersecurity subsidiary Mandiant -- as well as the authorities. The company will provide further updates on its security bulletin.

(mai)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.