https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/
Article
- Vercel confirmed a breach; hackers claim to be selling stolen data.
- Incident traced to a third-party AI tool’s compromised Google Workspace OAuth app.
- Potentially affects hundreds of organizations beyond Vercel.
- Vercel notified law enforcement but hasn’t disclosed which systems were hit.
Discussion
- Commenters noted Vercel’s vague “limited subset” language likely understates impact.
- One OAuth token compromising CI, secrets, and deployments flagged as architectural failure.
- nikcub argued Claude Code homogenizing infra choices increases breach blast radius.
- Initial incident comms criticized as unhelpful—no actionable details for affected customers.