Cybernews reports:
Vercel, a cloud platform and maintainer of Next.js, a major web development framework, has been hacked, and hackers are selling access to credentials that could help pull off “the largest supply chain attack ever if done right.” An OAuth token, granting too many permissions, became a single point of failure.
Vercel acknowledged that a threat actor accessed their internal systems and compromised the credentials of “a limited subset of customers.”
The company released a security advisory recommending that customers review account activity logs and rotate any secrets potentially exposed in the environment variables that were not marked as sensitive.
“We reached out to that subset and recommended an immediate rotation of credentials,” Vercel said.
Read more at Cybernews.
