Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have resulted in threat actors getting hold of sensitive internal data.
The US firm, which provides developer tools and cloud infrastructure, said in an updated April 21 notice that the unauthorized access originated from an employee’s use of a third-party tool, Context.ai.
“The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,” it added.
“Environment variables marked as ‘sensitive’ in Vercel are stored in a manner that prevents them from being read, and we currently do not have evidence that those values were accessed.”
Vercel claimed that the attacker was “highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems”.
However, it confirmed that none of its npm packages were compromised and there’s no evidence of tampering, meaning projects like popular React framework Next.js are safe.
Vercel said it has already reached out to “a limited subset of customers whose non-sensitive environment variables stored on Vercel” were compromised.
According to screenshots posted to X (formerly Twitter), a threat actor purporting to be part of the ShinyHunters collective is trying to extort Vercel to the tune of $2m. They claim to have access to multiple employee accounts “with access to several internal deployments,” as well as API keys, npm/GitHub tokens, source code and databases.
Vercel Customers Urged to Follow Best Practices
As it works with Mandiant to ascertain the validity of the threat actor’s claims, Vercel has issued the following advice for customers:
- Enable multi-factor authentication (MFA) via authenticator app or passkey
- Review and rotate environment variables not marked as “sensitive”, as these may have been exposed. They include API keys, tokens, database credentials and signing keys
- Use the sensitive environment variables feature to protect secret values
- Review activity log for suspicious activity
- Investigate suspicious or unexpected recent deployments
- Ensure deployment protection is set to standard, at a minimum
- Rotate deployment protection tokens
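The rotation step above is the one that needs the most triage: a team has to work out which of its readable variables actually hold credentials. The script below is an added example, not Vercel's own tooling. It assumes an export shaped like the response of Vercel's REST endpoint `GET /v9/projects/{idOrName}/env` (an `envs` list whose entries carry `key`, `type` and `target`), and that `"sensitive"` is the `type` value for write-only variables; both are assumptions to check against your own export. The sample export is constructed.

```python
"""Triage a project's environment variables after the Vercel incident:
readable variables that look like credentials go on the rotation list.

Added example, not Vercel's code. Export shape and the "sensitive" type
value are assumptions based on the public API; verify against your export.
"""
import json
import re

# Constructed sample in the assumed shape of GET /v9/projects/{id}/env.
SAMPLE_EXPORT = json.dumps({
    "envs": [
        {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
        {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
        {"key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production", "preview"]},
        {"key": "GITHUB_TOKEN", "type": "encrypted", "target": ["preview"]},
        {"key": "JWT_SIGNING_KEY", "type": "plain", "target": ["production"]},
        {"key": "VERCEL_URL", "type": "system", "target": ["production"]},
    ]
})

# Key-name fragments that usually denote a credential or a connection string
# carrying one. "encrypted" and "plain" variables were both readable by anyone
# with access to the environment; only "sensitive" values are write-only.
SECRET_HINT = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|_URL$|DSN)", re.I)

# Types whose stored value could not have been read back from the dashboard/API.
NOT_READABLE = {"sensitive", "system"}


def triage(export_json: str) -> dict:
    """Sort variables into three buckets:
    rotate      - readable and named like a credential: rotate, then re-add as sensitive
    review      - readable but not obviously a secret (e.g. NEXT_PUBLIC_* is browser-visible by design)
    unaffected  - sensitive (write-only) or system-provided, so no stored value to expose
    """
    buckets = {"rotate": [], "review": [], "unaffected": []}
    for env in json.loads(export_json)["envs"]:
        key = env["key"]
        if env.get("type") in NOT_READABLE:
            buckets["unaffected"].append(key)
        elif SECRET_HINT.search(key):
            buckets["rotate"].append(key)
        else:
            buckets["review"].append(key)
    return {name: sorted(keys) for name, keys in buckets.items()}


def rotation_targets(export_json: str) -> dict:
    """Map each variable to rotate onto the deployment targets it was set for,
    so the rotation and redeploy can be scoped per environment."""
    envs = {e["key"]: e for e in json.loads(export_json)["envs"]}
    return {k: sorted(envs[k].get("target", [])) for k in triage(export_json)["rotate"]}


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT)
    for bucket, keys in result.items():
        print(f"{bucket:<11}", ", ".join(keys) or "-")
    print("rotation targets:", rotation_targets(SAMPLE_EXPORT))
```

Variables on the `rotate` list should be revoked at the issuing service, recreated, and re-added with the sensitive flag set, so a repeat of the same access path would yield nothing readable; the `review` bucket is for a human to confirm nothing secret hides behind an innocuous name.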
Cory Michal, CISO at AppOmni, traced the breach back to the OAuth access Context.ai provided to the Vercel employee’s Google Workspace account.
“Once a user authorizes one app, that trust can extend into email, identity, CRM, development, and other systems in ways many organizations do not fully inventory or monitor, which makes a single compromised integration a powerful pivot point,” he added.
“The key lesson is that third-party risk management cannot stop at reviewing a vendor’s SOC 2 report or penetration test results. Organizations need continuous visibility into how third-party applications are actually connected across their SaaS estate, what OAuth grants and integration tokens they hold, and how those relationships could be abused if one provider is compromised.”
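The visibility Michal describes can be built from an inventory of OAuth grants per user. The following is an added example, not AppOmni's or Google's code: it takes grant records assumed to be shaped like items from the Google Admin SDK Directory API `tokens.list` response (`userKey`, `clientId`, `displayText`, `scopes`), flags grants whose scopes reach mail, Drive or the directory, and answers the question the quote ends on: which accounts are reachable if one connected provider is compromised. The records and client IDs are constructed placeholders; the scope strings are the real Google scope URIs.

```python
"""Inventory third-party OAuth grants across Workspace accounts and flag the
broad ones. Added example; record shape assumed from the Admin SDK
tokens.list response, sample data constructed.
"""
from collections import defaultdict

# Scopes that let a third party read or act on mail, files, or the user
# directory, i.e. the access that turns one app grant into a pivot point.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample grants; client IDs and app names are placeholders.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "placeholder-client-1",
     "displayText": "ExampleNotesAssistant",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email",
                "https://mail.google.com/"]},
    {"userKey": "alice@example.com", "clientId": "placeholder-client-2",
     "displayText": "ExampleCalendarSync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com", "clientId": "placeholder-client-1",
     "displayText": "ExampleNotesAssistant",
     "scopes": ["openid", "https://www.googleapis.com/auth/drive"]},
]


def flag_grants(records):
    """Return (user, app, broad_scopes) for every grant holding a broad scope,
    sorted so the output is stable for diffing between inventory runs."""
    flagged = []
    for rec in records:
        broad = sorted(set(rec.get("scopes", [])) & BROAD_SCOPES)
        if broad:
            flagged.append((rec["userKey"], rec["displayText"], tuple(broad)))
    return sorted(flagged)


def grants_by_app(records):
    """Which users have connected which app: the SaaS-estate map the quote
    says most organizations lack."""
    users = defaultdict(set)
    for rec in records:
        users[rec["displayText"]].add(rec["userKey"])
    return {app: sorted(u) for app, u in sorted(users.items())}


def blast_radius(records, client_id):
    """Accounts reachable through a given OAuth client, i.e. the accounts to
    review first if that provider reports a compromise."""
    return sorted({r["userKey"] for r in records if r["clientId"] == client_id})


if __name__ == "__main__":
    for user, app, scopes in flag_grants(SAMPLE_GRANTS):
        print(f"BROAD  {user:<20} {app:<24} {' '.join(scopes)}")
    print("apps:", grants_by_app(SAMPLE_GRANTS))
    print("if placeholder-client-1 is compromised:",
          blast_radius(SAMPLE_GRANTS, "placeholder-client-1"))
```

Run on a real export, the flagged list is the review queue for a third-party risk program, and a diff of `grants_by_app` between runs shows new integrations appearing without a vendor review.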
