By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
Fun new game: guess which link in a chain of events caused a major cloud platform breach this week.
A. Was it a sophisticated zero-day?
B. A nation-state attack on critical infrastructure?
C. A hard-to-detect supply chain implant buried in open source code?
Nope. Someone at a small AI startup was looking for Roblox cheats. Yikes!
Not even joking here! Researchers at Hudson Rock traced the Vercel breach that came to light this weekend all the way back to February, when an employee at Context.ai downloaded Lumma Stealer malware while hunting for Roblox game exploits. Lumma Stealer is an infostealer, which means its whole job is to suck up credentials, tokens, and session data from whatever machine it lands on – and then quietly hand all of that to the bad actors running it.
From that one infected laptop, the attacker worked their way into Context.ai’s AWS environment and snagged OAuth tokens for some of that company’s users. One of those users happened to be a Vercel employee who had granted the Context AI Office Suite full access to their Google Workspace account. Full access, as in the attacker now had the keys to that employee’s Vercel Google Workspace, and from there, access to Vercel environment variables and, eventually, some customer credentials.
Vercel CEO Guillermo Rauch described the attackers as “highly sophisticated” and suspects AI accelerated their movement through the chain. The threat group ShinyHunters is claiming credit, though security researchers think that may be a distraction meant to throw researchers off from the real culprits.
So what do we take away from this, besides the obvious lesson that hunting for Roblox cheats is a terrible idea on a work machine? Third-party app permissions! They are the sleeper threat in nearly every organization right now. Every time someone authorizes a new productivity app with “full access” to their Google Workspace or Microsoft account, they are handing that app – and everyone who might ever compromise it – a master key. OAuth tokens do not expire automatically. Permissions do not shrink over time. And most people never think twice about that little “Allow” button. But perhaps we should…
Do yourself a favor this week: open your Google account, go to Security, and look at what third-party apps have access to your stuff. You might be surprised what is sitting there. If you do not recognize it or do not use it anymore, revoke it. The attacker in this story did not need a magic trick. They needed one employee, one bad download, and one overpermissioned integration.
That was all they needed to get in, and wreck stuff.
Stay skeptical out there, Los Alamos, and play your games the old fashioned way, with no cheat codes and a case of mountain dew!
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.