Vercel, a major development platform that hosts and deploys web apps, was compromised, and the hackers are attempting to sell stolen data. A person claiming to be a member of ShinyHunters, which was behind the recent hack of Rockstar Games, posted some data online, including employee names, email addresses, and activity time stamps. Vercel confirmed in a post on X that a “security incident” had occurred, and that it impacted a “limited subset” of its customers. Vercel said that a compromised third-party AI tool was the avenue for attack, though it did not specify which third-party was involved.
Vercel encouraged administrators to review their activity logs for suspicious activity. It also suggested taking steps to “review and rotate environmental variables” as an extra precaution in case API keys, tokens, or other sensitive data were exposed. It ended its security bulletin by saying:
Our investigation has revealed that the incident originated from a third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting hundreds of its users across many organizations.
We are publishing the following IOC to support the wider community in the investigation and vetting of potential malicious activity in their environments. We recommend that Google Workspace Administrators and Google Account owners check for usage of this app immediately.