We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses.
At this time, we have identified a limited subset of customers that were impacted and are engaging with them directly.
Our services remain operational, and we will continue to update this page with new information.
We are taking actions to protect Vercel systems and customers.
Our investigation is ongoing. In the meantime, here are best practices you can follow for peace of mind:
- Review the activity log for your account and environments for suspicious activity.
- Review and rotate environment variables and take advantage of the sensitive environment variables feature.
For support rotating your secrets or other technical support, contact us through vercel.com/help.
Our investigation has revealed that the incident originated from a third-party AI tool, used by hundreds of users, whose Google Workspace OAuth app was compromised.
We are publishing the following IOC to support the wider community in the investigation and vetting of potential malicious activity in their environments. We recommend that Google Workspace Administrators and Google Account owners check for usage of this app immediately.
OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
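One way to run the check recommended above is to scan an export of the Google Workspace token audit log for this client ID. The following is an added example, not code from Vercel or Google; it assumes the records follow the Admin SDK Reports API activity JSON shape (`items`, `actor.email`, `events[].parameters`), and the sample records, users and timestamps are constructed.

```python
import json

# IOC published in the bulletin above.
IOC_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

# Constructed sample records in the shape assumed for a Google Workspace
# token audit export (Admin SDK Reports API, applicationName "token").
SAMPLE_EXPORT = json.dumps({"items": [
    {"id": {"time": "2025-01-01T10:00:00Z"}, "actor": {"email": "alice@example.com"},
     "events": [{"name": "authorize", "parameters": [
         {"name": "client_id", "value": IOC_CLIENT_ID},
         {"name": "scope", "multiValue": ["https://www.googleapis.com/auth/drive.readonly", "openid"]}]}]},
    {"id": {"time": "2025-01-02T11:30:00Z"}, "actor": {"email": "bob@example.com"},
     "events": [{"name": "authorize", "parameters": [
         {"name": "client_id", "value": "000000000000-constructed.apps.googleusercontent.com"},
         {"name": "scope", "multiValue": ["openid"]}]}]},
    {"id": {"time": "2025-01-03T09:15:00Z"}, "actor": {"email": "alice@example.com"},
     "events": [{"name": "revoke", "parameters": [
         {"name": "client_id", "value": IOC_CLIENT_ID}]}]},
]})

def _params(event):
    """Flatten an event's parameter list into {name: value or list of values}."""
    out = {}
    for p in event.get("parameters", []):
        out[p["name"]] = p.get("multiValue", p.get("value"))
    return out

def find_ioc_usage(export_json, client_id=IOC_CLIENT_ID):
    """Return a per-user summary of token events that reference client_id."""
    hits = {}
    for item in json.loads(export_json).get("items", []):
        user = item.get("actor", {}).get("email", "<unknown>")
        when = item.get("id", {}).get("time", "")
        for event in item.get("events", []):
            params = _params(event)
            if (params.get("client_id") or "").strip().lower() != client_id.lower():
                continue
            rec = hits.setdefault(user, {"events": [], "scopes": set()})
            rec["events"].append((when, event.get("name")))
            scope = params.get("scope") or []
            rec["scopes"].update([scope] if isinstance(scope, str) else scope)
    # Heuristic: a grant is treated as still active unless the user's most
    # recent event for this app is a revoke (ISO timestamps sort as text).
    for rec in hits.values():
        rec["events"].sort()
        rec["still_granted"] = rec["events"][-1][1] != "revoke"
    return hits
```

Any user returned with `still_granted` set to true is a candidate for revoking the app's access and reviewing what the granted scopes exposed.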