Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Vercel, a major development platform that hosts and publishes web applications, has been hacked, and hackers are trying to sell the stolen data. Someone claiming to be a member of ShinyHunterswho was behind the recent hack of Rockstar gamesposting certain data online, including employee names, email addresses, and timestamps of activity. Vercel confirmed in a post on X that a “security incident” had occurred and that it had affected a “limited subset” of its customers. Vercel said the compromised third-party AI tool was a vehicle for the attack, though it did not identify the third party involved.
Vercel encouraged officials to review their activity logs for any suspicious activity. He also suggested taking steps to “review and rotate environmental variables” as an extra precaution in the event that API keys, tokens, or other sensitive data are exposed. He ended up doing it Security bulletin By saying:
Our investigation revealed that the incident originated from a third-party AI tool whose Google Workspace OAuth implementation was the subject of a broader compromise, potentially impacting hundreds of its users across multiple organizations.
We are publishing the following IOC certification to support the broader community in investigating and auditing potential malicious activity in their environments. We recommend that Google Workspace administrators and Google account holders verify the use of this application immediately.