"Vercel's security bulletin states that on April 19, the company identified a security incident that involved unauthorized access to certain internal Vercel systems, leading to credential compromise for a limited subset of customers."
"The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee, which allowed the attacker to take over the employee's Vercel Google Workspace account."
"Context.ai admitted that during the incident last month, the unauthorized actor likely compromised OAuth tokens for some of its consumer users, highlighting the broader implications of the security breach."
Vercel identified a security incident on April 19 involving unauthorized access to internal systems, compromising credentials for a limited number of customers. The company advised affected customers to rotate their credentials and is investigating potential data exfiltration. The breach originated from Context.ai, a third-party AI tool, which allowed an attacker to access a Vercel employee's Google Workspace account. Context.ai also reported a previous security incident involving unauthorized access to its AWS environment, which may have compromised OAuth tokens for some users.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]