How was Vercel breached?

Vercel was breached through a compromised third-party AI tool whose Google Workspace OAuth app was targeted in a broader attack.

What data was stolen from Vercel?

The stolen data includes employee names, email addresses, and activity timestamps.

What steps should administrators take after the Vercel incident?

Administrators are advised to review activity logs for suspicious activity and to rotate environmental variables, API keys, and tokens.

Home / Technology / Vercel Hacked Via AI Tool; Data For Sale

Vercel Hacked Via AI Tool; Data For Sale

20 Apr

•

Summary

Vercel confirms security incident after data theft attempt.
Hackers exploited a third-party AI tool for the breach.
Stolen data includes employee information and timestamps.

Vercel Hacked Via AI Tool; Data For Sale

A significant security incident has impacted Vercel, a prominent platform for developing and deploying web applications. Threat actors reportedly gained access to sensitive data, including employee names, email addresses, and activity timestamps, with attempts made to sell this information online.

Vercel has confirmed the breach, stating that a limited subset of its customers were affected. The company identified a compromised third-party AI tool, specifically one with a Google Workspace OAuth app, as the entry point for the attack. This vulnerability may have had a broader impact, potentially affecting hundreds of users across various organizations that utilized the same AI service.