App Host Vercel Was Hacked Through a Third-Party AI Tool

Vercel's popular React framework Next.js was not affected by the breach, but access keys and source code may have leaked.

Key Takeaways

  • A breach of cloud hosting platform Vercel stemmed from a compromised app made by Context AI, which was connected to an employee’s account.
  • Credentials for “a limited subset of customers” were compromised.
  • A hacker claims to be selling the data, which allegedly contains access keys, source code, and database information.

Cloud hosting platform Vercel has just revealed a big internal data breach.

The security incident stemmed from a breach in a third-party AI tool’s Google Workspace OAuth application, which threat actors used to access an employee’s Workspace account.

The company has confirmed that its popular open-source projects, including Next.js and Turbopack, remain secure.

What to Know About the Breach

The breach was due to an app made by Context AI, Vercel says, which one employee downloaded and connected to their corporate account.

In its statement about the incident, Vercel said that the credentials for “a limited subset of customers” were compromised. Anyone who hasn’t already been contacted was not in that group, the company says.

 


Vercel has “deployed extensive protection measures and monitoring,” the company added.

A Hacker Claims to Be Selling Breached Data

There’s more to the story: A threat actor calling themself “ShinyHunters” has taken credit for breaching Vercel on a hacking forum, Bleeping Computer reports.

The hacker also claims to be selling the stolen data, which reportedly includes:

  • Access keys
  • Source code
  • Database data
  • Internal deployments
  • API keys

The forum post further states that “the access I’m about to give you includes multiple employee accounts with access to several internal deployments, API keys (including some NPM tokens and some GitHub tokens).”

These claims haven’t been verified, however, so we don’t know for sure how much of what the hacker is saying is true.

Supply Chain Hacks on the Rise

The incident is an example of the growth of a type of hack that targets software developers who provide commonly used code. In this case, Vercel is behind the popular React framework Next.js.

Granted, this framework wasn’t impacted in this particular hack, but if successfully compromised, the software could open up a broad range of targets for hackers hoping to access data at scale. After all, the Vercel breach emerged through a breach at Context AI.

CEO Guillermo Rauch addressed the incident on his personal social media account, saying that “my advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature.”

We’ve previously reported on a study that found one in four data breaches are due to exploits of third-party apps. Looks like we can now add one more example to the list.


Written by:
Adam has been a writer at Tech.co for nine years, covering fleet management and logistics. He has also worked at the logistics newsletter Inside Lane, and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.