Vercel breach tied to AI tool
- Vercel confirmed a security breach that stemmed from an employee AI tool, exposing cloud access credentials.
- Coverage pegs the incident's impact near $2 million and links it to supply-chain and AI tooling risk.
- Analysts and reporters are framing the event as another vendor-originated compromise that highlights third-party AI exposure. (x.com) (youtube.com)
Vercel said on April 19 that attackers got into some of its internal systems through a third-party AI tool an employee had connected to a company Google account. (vercel.com) The company said the breach compromised credentials for “a limited subset of customers,” and it told those customers to rotate them immediately. Vercel also said its services stayed online while it investigated what data, if any, was taken. (vercel.com) (theregister.com)

The route in was OAuth, the authorization mechanism that lets one app act inside another on a user's behalf after the user clicks allow. Vercel said the attacker took over an employee’s Google Workspace account and then reached some environments and environment variables that were not marked “sensitive.” (techcrunch.com) (theregister.com)

Context.ai, the outside vendor Vercel named, said on April 19 that its deprecated AI Office Suite had suffered an earlier breach in March. The company said a later investigation found the intruder had likely stolen OAuth tokens for some consumer users and used one of them to access Vercel’s Google Workspace. (context.ai) Context.ai said Vercel was not its customer, but at least one Vercel employee had signed up for the AI Office Suite with a Vercel Google Workspace account and granted “Allow All” permissions. Context.ai also said Vercel’s internal OAuth settings appeared to let that approval carry broad access inside the company workspace. (context.ai) (theregister.com)

That matters beyond one hosting company because Vercel runs infrastructure used by web teams building on Next.js, its open-source framework. TechCrunch reported Vercel warned the incident could affect “hundreds of users across many organizations,” pointing to downstream exposure if stolen keys were reused elsewhere. (techcrunch.com) (vercel.com) Vercel said its Next.js and Turbopack projects were not affected.
Chief executive Guillermo Rauch urged customers to rotate keys and credentials in deployments marked “non-sensitive,” the category Vercel said the attacker could read. (techcrunch.com) Reports on cybercrime forum listings put the price near $2 million for the stolen data. TechCrunch said the seller claimed ties to ShinyHunters, while also noting the group told BleepingComputer it was not involved. (techcrunch.com) (bleepingcomputer.com)

The breach turned on a common convenience: an employee used a third-party AI app, clicked through broad Google permissions, and the vendor was breached first. Vercel and Context.ai have both said they are still investigating, and Vercel said it will contact customers again if it finds additional evidence of compromise. (context.ai) (theregister.com)
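The defensive step this chain of events calls for is an inventory of which third-party apps hold broad OAuth grants in the company workspace, and which accounts granted them, so a vendor's breach notice can be turned into a revocation list. The script below is an added example, not code from Vercel or Context.ai; it assumes grant records shaped like the Google Workspace Admin SDK Directory API `tokens.list` response (fields `clientId`, `displayText`, `userKey`, `scopes`), uses a constructed sample inventory, and the set of "broad" scopes is the example's own threshold rather than a Google or Vercel definition.

```python
# Added example (not Vercel's or Context.ai's code): flag third-party OAuth
# grants in a Google Workspace tenant whose scopes give an outside app broad
# access to mail, files or the directory. Assumes records shaped like the
# Admin SDK Directory API `tokens.list` response (clientId, displayText,
# userKey, scopes); the sample records below are constructed.

# Scopes this example treats as broad. The set is the example's own threshold,
# not a Google or Vercel definition; extend it for the tenant's risk model.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/cloud-platform",
}

SAMPLE_TOKENS = [  # constructed sample inventory
    {"clientId": "1111.apps.example", "displayText": "Office Assistant (3rd party)",
     "userKey": "alice@example.com",
     "scopes": ["openid", "email", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]},
    {"clientId": "2222.apps.example", "displayText": "Calendar widget",
     "userKey": "bob@example.com",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar.readonly"]},
    {"clientId": "1111.apps.example", "displayText": "Office Assistant (3rd party)",
     "userKey": "carol@example.com",
     "scopes": ["openid", "https://www.googleapis.com/auth/drive"]},
]


def broad_grants(tokens):
    """Return (user, app, sorted broad scopes) for each grant carrying a broad scope."""
    hits = []
    for t in tokens:
        broad = sorted(set(t.get("scopes", [])) & BROAD_SCOPES)
        if broad:
            hits.append((t["userKey"], t["displayText"], broad))
    return hits


def blast_radius(tokens):
    """Map each app's clientId to the users who granted it a broad scope, so a
    vendor breach notice translates into the accounts whose tokens to revoke."""
    radius = {}
    for t in tokens:
        if set(t.get("scopes", [])) & BROAD_SCOPES:
            radius.setdefault(t["clientId"], set()).add(t["userKey"])
    return radius


for user, app, scopes in broad_grants(SAMPLE_TOKENS):
    print(f"{user}: '{app}' holds {', '.join(scopes)}")
```

On a real tenant the records would come from the Directory API rather than the constructed list, and the clientId of the breached vendor's app would select the accounts to revoke and re-check.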