Web infrastructure company Vercel had data stolen via a third party AI application that an employee signed up for with a work Google account.
Vercel, known for developing the popular React framework Next.js, was compromised through an employee using Context.ai, an AI platform whose Google Workspace OAuth app had been separately compromised.
Attackers gained access to the employee's Google Workspace account and some Vercel environments via the compromised app.
Vercel said in a blog post on Sunday "the incident originated from a small, third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations."
