Vercel has identified additional compromised customer accounts following a security investigation into an incident linked to the Context.ai breach. The attack sequence began when an employee at Context.ai was infected with Lumma Stealer malware, leading to the takeover of Google Workspace credentials and subsequent unauthorized access to Vercel's internal environment.
Technicians discovered that attackers exploited OAuth integrations to pivot through systems and decrypt non-sensitive environment variables. This incident highlights the growing risks associated with "shadow AI" and the speed with which modern threat actors can enumerate internal infrastructure once a trusted integration is compromised.