Home / Technology / Vercel Hacked Via AI Tool; Data For Sale
Vercel Hacked Via AI Tool; Data For Sale
20 Apr
Summary
- Vercel confirms security incident after data theft attempt.
- Hackers exploited a third-party AI tool for the breach.
- Stolen data includes employee information and timestamps.
A significant security incident has impacted Vercel, a prominent platform for developing and deploying web applications. Threat actors reportedly gained access to sensitive data, including employee names, email addresses, and activity timestamps, with attempts made to sell this information online.
Vercel has confirmed the breach, stating that a limited subset of its customers were affected. The company identified a compromised third-party AI tool, specifically one with a Google Workspace OAuth app, as the entry point for the attack. This vulnerability may have had a broader impact, potentially affecting hundreds of users across various organizations that utilized the same AI service.
In response to the incident, Vercel is urging administrators to meticulously review their activity logs for any suspicious activities. Furthermore, the platform recommends rotating environmental variables, API keys, and tokens as a vital precaution to safeguard against any potential exposure of sensitive credentials. Vercel is also publishing Indicators of Compromise (IOCs) to aid the broader cybersecurity community in investigating and identifying malicious activity within their own environments.
