
Vercel breach exposes customer data via compromised AI tool
Vercel confirmed a security incident where a compromised third party AI tool with a Google Workspace OAuth app exposed employee names, email addresses, and activity timestamps for a limited subset of customers; the attackers, linked to ShinyHunters, posted data online and Vercel warns hundreds of users across many organizations could be affected. Admins should review activity logs, rotate environment variables, and vet the compromised app for suspicious usage to detect malicious activity.
