The incident traces back to Context.ai, an artificial intelligence platform used by a Vercel employee. According to the company’s internal bulletin, “The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive’.”
Vercel clarified that variables marked as ‘sensitive’ are stored in a way that prevents them from being read directly, but the company “currently do not have evidence that those values were accessed.”
While not confirmed, a post on The group was earlier associated with an attack on Rockstar Games, and is now being mentioned as a possible actor here as well.
ALSO READ | Iran-linked hackers breach FBI director’s personal email, publish excerpts online
The
attackers are attempting to sell the allegedly stolen data online for around $2 million.
Vercel has reportedly been breached by ShinyHunters. As of now, nobody else appears to be posting about this, so I’m sharing what I have. Here is the information I’ve gathered, along with screenshots provided by ShinyHunters.#cybernews #shinyhunters #breach #vercel #news pic.twitter.com/nkgoil19BT
—Alex (@DiffeKey) April 19, 2026
At the same time, Vercel has described the attacker as ‘highly sophisticated’ based on their operational velocity and detailed understanding its internal systems.
In terms of impact, Vercel stated that only a limited subset of customers appears to have been affected, whose credentials were potentially compromised.
“We reached out to that subset and recommended an immediate rotation of credentials,” the company added.
Addressing the situation publicly, CEO Guillermo Rauch said the company has taken several steps to strengthen its security posture and added, “We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open-source projects remain safe for our community.”
“We’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback,” he further wrote.
Here’s my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/xksNNigVfE that he was using. The details…
— Guillermo Rauch (@rauchg) April 19, 2026
To handle the investigation, Vercel is working closely with multiple cybersecurity experts, including Mandiant, along with other industry partners and law enforcement agencies. It has also directly engaged Context.ai “to understand the full scope of the underlying compromise.”
