Cloud-based application development and deployment platform Vercel has confirmed that it was targeted in a cyberattack. The company stated that the incident began with the compromise of a third-party artificial intelligence tool. Reports claiming that the stolen data was later put up for sale have made the situation even more critical.

Cloud-based application development and deployment platform Vercel has confirmed that it was targeted in a cyberattack. The company stated that the incident began with the compromise of a third-party artificial intelligence tool. Reports claiming that the stolen data was later put up for sale have made the situation even more critical.

A Limited Number of Customers Were Affected

According to a security bulletin published by Vercel, the breach occurred after unauthorized access was gained to some of the company’s internal systems. The statement emphasized that only a limited number of customers were affected and that no disruption occurred in the platform’s overall services.

The company announced that it had launched a comprehensive investigation following the incident, that law enforcement agencies had been notified, and that the public would continue to be informed as the investigation progresses.

The Source of the Breach Was an AI Tool

Vercel also shared critical details regarding the origin of the attack. According to the company, the breach began with the compromise of a Google Workspace OAuth application belonging to a third-party AI tool. Vercel CEO Guillermo Rauch stated that the attackers gained access to an employee’s Google Workspace account through a breach involving the Context.ai platform. Using this access, the attacker was reportedly able to escalate privileges within Vercel’s systems and gain access to certain environments.

Attackers Shared Employee Data

An individual claiming to be associated with the ShinyHunters group, which is believed to be behind the attack, published some of the stolen data on online platforms. The shared information reportedly included employee names, email addresses, and timestamps related to account activities. ShinyHunters was also linked to the recent hacking incident targeting Rockstar Games.

Vercel issued several critical warnings to system administrators following the incident. In particular, the company advised administrators to review system logs in order to detect suspicious activities. In addition, Vercel recommended reviewing and rotating environment variables where necessary as a precaution against potential data leaks. These measures were highlighted as particularly important for protecting API keys, access tokens, and other sensitive information.

Some of the measures that should be taken to protect against such attacks are as follows;

• OAuth permissions granted to third-party AI and SaaS applications should be reviewed regularly, unnecessary access rights should be removed, and the principle of least privilege should be applied.

• MFA (Multi-Factor Authentication) should be enforced on platforms such as Google Workspace and Microsoft 365, and especially administrator accounts should be protected with additional security policies.

• API keys, access tokens, and environment variables should be managed through a centralized secret management/PAM solution and rotated regularly.

• SIEM, log monitoring, and behavioral analytics (UEBA/XDR) solutions should be actively used to quickly detect suspicious activities; OAuth application activities and privilege escalation attempts should be continuously monitored.

For detailed information, you can contact our experts at at info@zerosecond.ae .