Vercel hacked, hacker using ShinyHunters name to sell data for $2 million

Cloud development platform Vercel has stated that its systems were compromised in a recent security incident. According to the company, the attack originated from a compromised third-party AI tool. The breach has impacted a limited number of customers, according to the company.

According to the company’s website, it has clients including the likes of OpenAI, Cursor, Pinterest, and Bose. The data stolen in this attack could create bigger disruptions. Though Vercel claims that no sensitive information was accessed by the hackers.

As per reports, the people behind the attack are likely part of ShinyHunters, a group that recently targeted GTA makers Rockstar games. The hackers claim to be selling the data from this attack on Vercel online.

What is Vercel?

Vercel is a cloud platform that hosts and deploys web apps. The company is known for developing the popular Next.js framework, a widely used React framework. It also provides services that enable developers to build, preview, and deploy applications.

The platform has a big portfolio of customers spanning industries such as software, retail, and AI. Vercel states that only a limited number of its customers were likely impacted by this breach.

Vercel attack started from AI tool

The company wrote in a blog post that the attack originated from a compromised “third-party AI tool” used by an employee. However, it does not explicitly name which tool it was.

The threat actors were able to get access to the employee’s Google Workplace account from this AI tool, and then gain access to some of Vercel’s environment variables, which are stored outside an app’s code, and tell an app how to function. Though, the platform claims that the hackers only got the variables that were not marked as “sensitive.”

Hackers say this can start supply chain attack

Vercel’s clarification came after users of a hacking forum claimed to be selling information about Vercel’s customers. The hacker claims that this data could be used for a major attack on the global supply chain. The forum post reads, “We have verified access keys for a potential global supply chain attack. We’re selling this access. Are you interested in buying it?”

The hackers claim to be part of ShinyHunters. However, As per a report from Bleepingcomputer, the ShinyHunters group has denied such claims.

The hackers also shared a text file which contains Vercel employee information – 580 data records containing names, email addresses, account status, and activity timestamps. As per reports, the hackers discussed an alleged ransom demand of $2 million (roughly Rs 18.5 crore).

What happens now?

Following the breach, Vercel has advised its customers to review their environment variables for sensitive information and to rotate secrets if necessary. The company has also rolled out updates to its dashboard, including an improved interface for managing sensitive environment variables.

While Vercel’s core services remain unaffected, the company is working with impacted customers and has notified law enforcement. Vercel has also published an indicator of compromise (IOC) to assist the wider community in investigating potential malicious activity.

Latest

Apple may have dropped big AI Siri hint ahead of WWDC 2026

Apple may have given us the first glimpse of a new Siri set to be unveiled later this year. As per a report, Apple’s teaser for WWDC 2026 hinted at a new glow

No relief for consumers? Memory shortage may not normalise till 2027

The demand for AI data centres has skyrocketed prices for memory and chips, leading to a price increase across products like smartphones and PCs.. As per a new

IPhone 18 Pro Max launching soon: New Cherry colour variant, price, processor and expected upgrades

Rumors about the iPhone 18 Pro Max continue as leaks reveal potential color options, including Dark Red, Light Blue, Dark Cherry, Dark Gray, and Silver. The pho

IPhones may soon allow you to share maps and photos without internet

Apple is looking to take iPhone satellite features beyond emergencies, adding maps, photos and possibly even faster connectivity without a network.

Nvidia’s Jensen Huang warns DeepSeek running on Huawei chips is a ‘horrible outcome’ for US

Nvidia CEO Jensen Huang cautions that Chinese AI models like DeepSeek could harm US technology standards. He also emphasizes the need for the US to maintain its

Topics

Delhi power bills may rise after tribunal rejects plea on Rs 30,000 crore dues

The dues are linked to pending recoveries payable to Delhi’s power distribution companies (discoms) under a larger liquidation plan aimed at clearing long-sta

ICICI Bank vs HDFC Bank after Q4: Which stock looks like a better buy now?

ICICI Bank gained after Q4 results while HDFC Bank slipped, raising a key investor question. Which private banking giant now offers better growth, dividends and

No Rahul Gandhi backing for Stalin: Annamalai hints at DMK-Congress rift

DMK clarifies campaign plans for upcoming Tamil Nadu elections

Big relief for shipping industry: India clears Rs 13,000 crore insurance pool

A move to protect India's maritime trade from global insurance market shocks

ICICI Bank rises nearly 2% after Q4 results: Should you buy now?

ICICI Bank reported a net profit of about Rs 13,702 crore for the fourth quarter, up 8.5% from a year ago. It also announced a dividend of Rs 12 per share for F

Criticising DMK is entry route to politics: Stalin dismisses Vijay’s attacks

Vijay's attacks on DMK seen as visibility strategy by CM Stalin

HDFC Bank drops 1% after Q4 results: Profit rises, so why is stock down?

HDFC Bank reported a net profit of about Rs 19,221 crore for the fourth quarter, up around 9% from a year ago. But shares of India's largest private lender fell

JEE Main 2026: What is the difference between marks and percentile?

The JEE Main 2026 result has been released by the National Testing Agency (NTA), leaving students eager to understand their scores and rankings. However, confus
spot_img

Related Articles

Popular Categories

spot_imgspot_img