Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Incident Timeline Analysis
The progression of the Vercel security breach lifecycle.
Primary Sources
App host Vercel says it was hacked and customer data stolen
Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data. Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google. The hackers used that connection (known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted. Vercel says its Next.js and Turbopack projects were not affected by the breach. Both open source projects are widely used by web and app developers. Vercel said it has contacted customers whose app data and keys were compromised. In a post on X, Vercel chief executive Guillermo Rauch advised customers to rotate any keys and credentials in their app deployments that are marked as “non-sensitive.” It’s not clear who is behind the breach at Vercel or Context AI, or if they are the same hacker. The threat actor selling the data claimed to be representing the ShinyHunters hacking group in their listing on a cybercriminal forum. The post, seen by TechCrunch, claimed the hackers were selling access to customer API keys, source code, and database data stolen from Vercel. The ShinyHunters hacker group, known for breaching cloud-based and database companies, told cybersecurity news site Bleeping Computer that they are not involved in this incident. While details of the hack are still emerging, this security breach is the latest in a string of “supply chain” hacks in recent months that have targeted software developers whose code is widely used across the web. By compromising software that’s widely used by companies and supports web infrastructure, hackers can steal credentials from a broad range of targets at once and gain further access to large amounts of data stored by other cloud giants. Vercel said little else about the attack, except that it was investigating the incident and had sought answers from Context AI. Vercel said the hack may affect “hundreds of users across many organizations,” and not just its own system, warning of potential downstream breaches spanning the tech industry. Context AI, which builds evaluations and analytics for AI models, confirmed on its website that it ha...
Vercel confirms breach as hackers claim to be selling stolen data
Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React framework, and for offering services such as serverless functions, edge computing, and CI/CD pipelines that enable developers to build, preview, and deploy applications. In a security bulletin published today, the company said a limited subset of customers was affected by a security breach. "We've identified a security incident that involved unauthorized access to certain internal Vercel systems," warns Vercel. "We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses." The company says its services have not been impacted and that it is working with impacted customers. Vercel says it is taking steps to protect its customers, advising them to review environment variables, use its sensitive environment variable feature, and to rotate secrets if needed. After publishing this story, Vercel updated its advisory to state that the breach stemmed from the compromise of a third-party AI tool's Google Workspace OAuth application. Vercel is advising Google Workspace administrators and Google account owners to check for the following application: OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com Vercel CEO Guillermo Rauch later shared additional details on X, stating that the initial access occurred after a Vercel employee's Google Workspace account was compromised via a breach at the AI platform Context.ai. According to Rauch, the attacker then escalated access from the compromised account into Vercel environments, where they were able to access environment variables that were not marked as sensitive and therefore not encrypted at rest. While intended to contain non-sensitive information, the attacker gained further access after enumerating these variables. "Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data," R...
Vercel confirms security incident as hackers claim to sell internal access
The listing advertises "access keys, source code, and database" data, along with API keys and tokens allegedly tied to internal deployments and developer environments. The threat actor further suggests that the data could enable a large-scale supply-chain attack targeting applications built on Vercel's platform.
'We've identified a security incident': Vercel breach confirmed after ...
The cloud development platforms has confirmed a breach after a hacker posted info for sale online.
