The organization claims the breach stemmed from an infiltrated ‘third-party AI tool.’
The organization claims the breach stemmed from an infiltrated ‘third-party AI tool.’
Vercel, a prominent development platform for hosting and deploying web applications, has been breached, and the attackers are trying to sell the compromised data. An individual claiming to be associated with ShinyHunters, responsible for the recent breach of Rockstar Games, shared some data online, revealing employee names, email addresses, and activity timestamps. Vercel acknowledged in a message on X that a “security incident” occurred, affecting a “limited subset” of its clientele. Vercel stated that an infiltrated third-party AI tool was the entry point for the attack, though it did not clarify which third party was implicated.
Vercel advised administrators to check their activity logs for any unusual behavior. The company also recommended taking measures to “review and rotate environmental variables” as an additional safety measure in case API keys, tokens, or other sensitive information were compromised. It concluded its security bulletin with this statement:
Our investigation has shown that the breach originated from a third-party AI tool whose Google Workspace OAuth application was part of a larger compromise, potentially affecting hundreds of users across multiple organizations.
We are releasing the following IOC to assist the broader community in investigating and scrutinizing potential malicious activities within their environments. We recommend that Google Workspace Administrators and Google Account owners verify the use of this app without delay.
