Summary
Vercel suffered a data breach after a third-party AI tool's Google Workspace OAuth app was compromised, allowing attackers to access internal systems and allegedly exfiltrate employee data, source code, and API keys.
Take Action:
If you're a Vercel customer, reach out to Vercel immediately. Immediately check your Google Admin Console (https://admin.google.com/ac/owl/list?tab=apps) filtering by app ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com: if it appears, revoke access and rotate all exposed secrets (NPM/GitHub tokens, API keys, deployment credentials). Finally, audit your Vercel deployments and Linear workspace for suspicious activity.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)