Vercel, a prominent development platform for hosting and deploying web applications, has confirmed a security compromise. A group claiming to be ShinyHunters, known for previous high-profile hacks including Rockstar Games, has posted stolen data online, encompassing employee names, email addresses, and activity timestamps. Vercel stated in an X post that a "security incident" had occurred, impacting a "limited subset" of its customers.
Vercel initially identified the attack vector as a "compromised third-party AI tool," without specifying the provider. Subsequent investigation, detailed in a security bulletin, revealed that the incident originated from a "third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting hundreds of its users across many organizations."
In response, Vercel has advised administrators to review their activity logs for any suspicious behavior. It also recommended implementing extra precautions by "reviewing and rotating environmental variables" to secure sensitive data such as API keys, tokens, or other credentials that might have been exposed. Vercel is publishing Indicators of Compromise (IOC) to assist the wider community in investigating and vetting potential malicious activity, urging Google Workspace Administrators and Google Account owners to immediately check for the usage of the compromised app.