Vercel, a prominent platform known for hosting and deploying web applications, has found itself at the center of a security breach. Hackers have infiltrated their systems and are now attempting to sell the stolen data. This breach comes from a group claiming to be part of ShinyHunters, infamously associated with the recent hack of Rockstar Games. They have already released some of the compromised information online, which includes names of employees, their email addresses, and activity timestamps.

In response, Vercel confirmed the occurrence of a “security incident” through a statement on X, clarifying that only a “limited subset” of its customers was affected. The company revealed that the attack was facilitated through a compromised third-party AI tool, though they refrained from specifying which third-party was involved in the breach.

Our investigation has revealed that the incident originated from a third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting hundreds of its users across many organizations.

We are publishing the following IOC to support the wider community in the investigation and vetting of potential malicious activity in their environments. We recommend that Google Workspace Administrators and Google Account owners check for usage of this app immediately.