Vercel says internal systems hit in breach

Source: Hacker News

Update

Vercel, a widely used cloud platform for developing and deploying apps, has disclosed a breach of its internal systems affecting a “limited subset of customers.” The incident came to light on Sunday, and the company has engaged an incident‑response provider to investigate the intrusion.

Details of the Breach

• The intrusion originated from a compromised third‑party AI tool whose Google Workspace OAuth app was part of a broader compromise that could affect hundreds of users across many organizations.
• Vercel did not name the app but included indicators of compromise (IOCs) for it.
• Because the breach stemmed from a third‑party application, additional related incidents may emerge in the coming hours or days.

Company Response

“We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses,” the company said in a statement.

“At this time, we have identified a limited subset of customers that were impacted and are engaging with them directly.”

Vercel has not specified which systems were compromised or how many customers are affected.

Recommendations for Customers

• Review activity logs for any suspicious activity.
• Rotate environmental variables as a precaution.
• Use Vercel’s “sensitive environmental variables” feature to mark items such as API keys as sensitive, causing them to be stored in an unreadable format.

This story was updated on April 19 to add information about the source of the intrusion.