Vercel confirms breach as hackers claim to be selling stolen data
Vercel confirms security breach; threat actors claim to be selling stolen data and credentials.
Summary
Cloud development platform Vercel disclosed a security incident involving unauthorized access to internal systems, affecting a limited subset of customers. Threat actors claiming to be ShinyHunters posted on hacking forums claiming to sell access keys, source code, database data, API keys, NPM tokens, and GitHub tokens, along with employee information and internal deployment screenshots. Vercel has engaged incident response experts, notified law enforcement, and advised affected customers to review environment variables and rotate secrets.
Full text
Vercel confirms breach as hackers claim to be selling stolen data By Lawrence Abrams April 19, 2026 01:32 PM 0 Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React framework, and for offering services such as serverless functions, edge computing, and CI/CD pipelines that enable developers to build, preview, and deploy applications. In a security bulletin published today, the company said a limited subset of customers was affected by a security breach. "We've identified a security incident that involved unauthorized access to certain internal Vercel systems," warns Vercel. "We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses." The company says its services have not been impacted and that it is working with impacted customers. Vercel says it is taking steps to protect its customers, advising them to review environment variables, use its sensitive environment variable feature, and to rotate secrets if needed. Hacker claims to be selling stolen Vercel data The disclosure comes after a threat actor claiming to be "ShinyHunters" posted on a hacking forum that they had breached Vercel and were selling access to company data. It should be noted that while the hacker claims to be part of the ShinyHunters group, threat actors linked to recent attacks attributed to the ShinyHunters extortion gang have denied to BleepingComputer that they are involved in this incident. In the forum post, the hacker claimed to be selling access keys, source code, and database data allegedly stolen from Vercel, along with access to internal deployments and API keys. "This is just from Linear as proof, but the access I'm about to give you includes multiple employee accounts with access to several internal deployments, API keys (including some NPM tokens and some GitHub tokens)," reads the forum post. A screenshot of a forum post shared by the threat actor on Telegram The attacker also shared a text file containing Vercel employee information, which consists of 580 data records containing names, Vercel email addresses, account status, and activity timestamps. They also shared a screenshot of what appears to be an internal Vercel Enterprise dashboard. BleepingComputer has not been able to independently confirm if the data or screenshot is authentic. In messages shared on Telegram, the threat actor also claimed they were in contact with Vercel regarding the incident and that they discussed an alleged ransom demand of $2 million. BleepingComputer contacted Vercel with additional questions about the breach, including whether any sensitive data or credentials were exposed and if they are negotiating with the attackers, and will update this story if we receive a response. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Data breach at edtech giant McGraw Hill affects 13.5 million accountsMcGraw-Hill confirms data breach following extortion threatStolen Rockstar Games analytics data leaked by extortion gangHims & Hers warns of data breach after Zendesk support ticket breachCERT-EU: European Commission hack exposes data of 30 EU entities