
Vercel Hack Exposes Customer Data

Summary

– Hackers breached Vercel’s internal systems, accessed customer data, and are selling stolen credentials online.
– The breach originated via a compromised OAuth connection from a Context AI app used by a Vercel employee.
– Vercel’s Next.js and Turbopack projects were unaffected, but customer app data and keys were compromised.
– The incident is part of a trend of supply chain hacks targeting widely used software developers.
– Context AI confirmed a related March breach, which it now believes is broader than initially thought.

A significant security incident at cloud hosting platform Vercel has exposed customer data, with hackers claiming to sell stolen credentials online. The company confirmed the breach over the weekend, attributing the initial compromise to a third-party software provider. This event highlights the persistent risks of supply chain attacks targeting critical web infrastructure.

According to Vercel’s statement, the intrusion began when an employee downloaded an application from a company called Context AI and linked it to a corporate Google account. Attackers exploited this OAuth connection to seize control of the employee’s Google account. From there, they infiltrated certain internal Vercel systems, obtaining access to unencrypted credentials. The company emphasized that its core Next.js and Turbopack open-source projects remained unaffected.

Vercel has begun notifying customers whose application data and keys were potentially compromised. CEO Guillermo Rauch advised users via social media to proactively rotate any non-sensitive keys and credentials in their deployments. The exact scope of the breach is still under investigation, but Vercel indicated it could impact hundreds of users across numerous organizations, raising concerns about potential downstream breaches throughout the tech sector.

On a cybercrime forum, a threat actor listing the stolen data for sale claimed affiliation with the notorious ShinyHunters hacking group. The listing, which included offers for customer API keys, source code, and database information, was reviewed by reporters. However, ShinyHunters itself has publicly denied any involvement in this specific incident.

The breach’s origin traces back to Context AI, a firm that builds evaluation tools for artificial intelligence models. Context AI confirmed on its website that a March security incident involved its consumer-facing Office Suite app. This application uses a third-party service to automate workflows across other software. The company stated that hackers likely compromised OAuth tokens for some of its users and now believes the incident’s impact is broader than initially assessed. Context AI did not explain why the breach was not disclosed earlier or whether any ransom demands were made.

This event is the latest in a series of software supply chain attacks, where compromising a single, widely used service can provide hackers with a gateway to a vast array of downstream targets. By targeting developers and platforms that form the backbone of web infrastructure, attackers can steal credentials from a wide range of victims simultaneously. Both Vercel and Context AI declined to answer further questions about the number of affected customers or the investigation’s details.

(Source: TechCrunch)
