Overview
- Vercel disclosed Sunday that attackers accessed certain internal systems and said a limited subset of customers was affected.
- The company said the entry point was a compromised third-party AI tool’s Google Workspace OAuth app; CoinDesk reported the tool as Context.ai, based on its CEO’s post.
- A self-described ShinyHunters actor posted 580 employee records and advertised access keys and source code for $2 million, claims that have not been independently verified.
- Vercel said environment variables marked sensitive were not read, and urged customers to review logs and rotate other variables. Crypto projects such as Orca reset deployment credentials as a precaution.
- The company engaged incident-response firms, notified law enforcement, shared indicators of compromise, and updated its dashboard, warning teams to audit builds for possible downstream tampering.