Hackers have reportedly breached the internal systems of Vercel, compromising customer data, including sensitive credentials. The breach is linked to a third-party application developed by Context AI, which was downloaded by a Vercel employee, allowing unauthorized access through a Google-hosted corporate account.
The security incident raises concerns, as the hackers allegedly claim to represent the ShinyHunters group and are offering stolen customer information, such as API keys and source code, on a cybercriminal forum. However, representatives from ShinyHunters have stated they are not connected to this breach.
In response to the incident, Vercel has contacted affected customers and recommended that they rotate any "non-sensitive" credentials associated with their deployments. The company has not disclosed the exact number of impacted users but indicated that the breach could affect "hundreds of users across many organizations."
This incident highlights ongoing challenges related to "supply chain" security, where vulnerabilities in widely used software can lead to extensive data theft across multiple platforms. Vercel continues to investigate the breach and is seeking further information from Context AI.