Vercel Data Compromised via Third-Party AI Application

Vercel's front-end development platform experienced a data breach following the use of the third-party AI application Context.ai by an employee. This breach allowed attackers to gain control of the employee's Google Workspace account, leading to exposure of non-sensitive client identifiers. Vercel has reached out to affected clients, advising them to change their credentials. While the company claims that sensitive data remains protected and no evidence suggests it was accessed, a dark web actor identified as "ShinyHunters" has attempted to sell the stolen information, which includes access keys and source code.

The initial access vector was the Google Workspace OAuth linked to Context.ai. Vercel is uncertain whether Context.ai's infrastructure was compromised or if OAuth tokens were stolen, leading to authenticated access to Vercel's environments. As Vercel collaborates with cybersecurity firms like Mandiant, the incident underscores vulnerabilities in third-party AI tools and calls for heightened scrutiny and security measures. Clients are urged to audit activity logs for suspicious behavior and update environmental variables to mitigate the potential exposure of sensitive secrets.