Vercel confirms breach as hackers claim to be selling stolen data

Vercel, a cloud development platform, has confirmed a security breach after threat actors claimed to have stolen data. The breach affected a limited subset of customers and was caused by the compromise of a third-party AI tool's Google Workspace OAuth application. An employee's Google Workspace account was compromised via a breach at Context.ai, allowing attackers to access Vercel environments and environment variables not marked as sensitive. Vercel is working with impacted customers and advising them to review environment variables and rotate secrets if needed. The company's investigation has confirmed that its open-source projects, including Next.js, remain safe. Vercel has rolled out updates to its dashboard to improve environment variable management.