Vercel says its internal systems were accessed after a Vercel employee's Google Workspace account was compromised via a breach at the AI platform Context.ai
Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. — Cloud development platform Vercel …
BleepingComputer Lawrence Abrams
Related Coverage
- Vercel April 2026 security incident Vercel
- Next.js developer Vercel warns of customer credential compromise The Register · Simon Sharwood
- Vercel Breach Raises Concerns After Hackers Claim $2 Million Data Sale The Hans India · Kahekashan
- Vercel Says Internal Systems Hit in Breach Decipher · Dennis Fisher
- Cloud hosting firm Vercel confirms ‘limited’ hack of user info Cointelegraph · Jesse Coghlan
- Vercel Security Breach: Hacker Demands $2M as Crypto Projects Scramble to Secure Keys Blockonomi · Trader Edge
- Vercel Security Breach Traced to Compromised AI Tool, Crypto Projects Scramble to Rotate Credentials Blockhead
- Vercel breach linked to AI tool, credentials compromised crypto.news · Olivia Stephanie
- Vercel Incident Linked to AI Tool Hack, Internal Access Gained The Cyber Express · Samiksha Jain
- Vercel data leak: CEO confirms internal breach linked to AI tool as hackers claim to sell stolen data for $2 million Livemint · Aman Gupta
- Vercel CEO blames highly sophisticated AI for speeding up the massive internal data breach PiunikaWeb · Dwayne Cubbins
- Web3 hosting backbone Vercel confirms breach as supposed hacker demands $2 million ransom The Block · Zack Abrams
- Vercel Confirms Data Breach — Hackers Claim Access to Internal Systems Cyber Security News · Guru Baran
- Hack at Vercel sends crypto developers scrambling to lock down API keys CoinDesk
- The Vercel Breach Isn't Just a Security Incident. It's What AI Sprawl Looks Like. Peridot Blog · Mark
- Vercel Confirms Security Breach The Information · Nick Wingfield
- Cloud development platform Vercel was hacked The Verge · Terrence O'Brien
- Vercel confirms security incident as hackers claim to sell internal access CyberInsider · Amar Ćemanović
- Cloud deployment firm Vercel breached, advises secrets rotation iTnews · Juha Saarinen
- Vercel just confirmed an internal breach, and your non-sensitive env vars may be exposed XDA Developers · Simon Batt
- Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials The Hacker News
- Vercel confirmed a #databreach after attackers accessed internal systems via a compromised employee account linked to Context.ai. — https://www.bleepingcomputer.com/ ... @DevaOnBreaches@infosec.exchange
- Vercel April 2026 security incident Hacker News
- Vercel says internal systems hit in breach Hacker News
- Daily News Stuff 20 April 2026 Ace of Spades HQ · Pixy Misa
- 'We've identified a security incident': Vercel breach confirmed after hackers claim stolen data for sale online TechRadar · Sead Fadilpašić
- Vercel confirms data breach linked to third-party AI tool: All you need to know The Indian Express
- Vercel Crypto Hack Update: No Funds Affected, API Key Risks in Focus The Coin Republic · Rupam Roy
- ‘Highly Sophisticated,’ AI-Powered Hackers Behind Vercel Breach: CEO Decrypt · Callan Quinn
- Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too Security Boulevard · Guillaume Valadon
- Hackers exploit Vercel's trust in AI integration CSO · Shweta Sharma
- Vercel Confirms Security Breach as Hacker Demands $2 Million and Claims to Sell Internal Access Unchained
- Third-party AI hack triggers Vercel breach, internal environments accessed Security Affairs · Pierluigi Paganini
- The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables Trend Micro · Peter Girnus
- Vercel breach leaves DeFi frontends dangling on a $2M ransom Protos · Aaron Wise
- Vercel Confirms Breach as Hacker Demands $2 Million Ransom Coinspeaker · Daniel Francis
- Binance says platform, funds safe after Vercel supply chain breach crypto.news · Dorian Batycka
- Vercel Confirms Security Incident as Threat Actor Claims Stolen Data for Sale eSecurity Planet · Ken Underhill
- App host Vercel says it was hacked and customer data stolen TechCrunch · Zack Whittaker
- Security Incident Response Statement Context
- Vercel Data Breach Linked to Earlier Context.ai Compromise Security Boulevard · Jeffrey Burt
- Vercel data stolen via third-party AI tool employee brought to work The Stack · Kiera Fields
- Vercel breached via compromised third-party AI tool Help Net Security · Zeljka Zorz
- Vercel systems targeted after third-party tool compromised Cybersecurity Dive · David Jones
- AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data Tom's Hardware · Luke James
- Vercel Traces Customer Data Theft to Agentic AI Tool Breach PaymentSecurity.io · Mathew J. Schwartz
- Vercel Breach Explained: OAuth Risk in AI + SaaS Environment Security Boulevard
- Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai InfoStealers
Discussion
-
@rauchg
Guillermo Rauch
on x
I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague'…
-
@diffekey
Alex
on x
Vercel has reportedly been breached by ShinyHunters. As of now, nobody else appears to be posting about this, so I'm sharing what I have. Here is the information I've gathered, along with screenshots provided by ShinyHunters. #cybernews #shinyhunters #breach #vercel #news [image]
-
@vercel
@vercel
on x
Our investigation is ongoing. In the meantime, we have updated the security bulletin with best practices you can follow for peace of mind: https://vercel.com/...
-
@k1rallik
BuBbliK
on x
VERCEL GOT HACKED ShinyHunters - the group behind the Ticketmaster breach - is selling Vercel's internal database for $2M on BreachForums here's why every developer should care: - they have NPM tokens and GitHub tokens - Vercel owns Next.js - 6 million weekly downloads - one mali…
-
@theo
@theo
on x
I have reason to believe this is credible. If you are using Vercel, it's a good idea to roll your secrets and env vars.
-
@darkwebinformer
@darkwebinformer
on x
‼️ Vercel has allegedly been breached by ShinyHunters, with a ransom demand of $2,000,000. https://vercel.com/... [image]
-
@ohryansbelt
Ryan
on x
Someone on BreachForums claiming to be ShinyHunters is selling what they say is Vercel's internal database, access keys, and source code for $2M. ShinyHunters is a black-hat hacker group known for a significant number of breaches and a “pay or leak” model. Vercel has confirmed a …
-
@shiri_shh
Shirish
on x
VERCEL just got breached. They're selling internal DB + employee accounts + GitHub/NPM tokens for $2M on BreachForums. looks like someone got early access to Claude Mythos 💀 [image]
-
@vercel
@vercel
on x
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. https://vercel.com/...
-
M Mohan
M Mohan
on linkedin
Most people wont care to explain in plain english for non-developers, but here's what happened with Vercel and their security breach. …
-
Sergio Alonso
Sergio Alonso
on linkedin
https://lnkd.in/... The Vercel breach is a tough reminder of the “who watches the watchers” problem in the modern stack. …
-
Abhishek Agrawal
Abhishek Agrawal
on linkedin
Vercel just disclosed that their April 2026 breach originated in a compromised Google Workspace OAuth app belonging to a third-party AI tool. …
-
@zackwhittaker.com
Zack Whittaker
on bluesky
In other Sunday news, cloud app giant Vercel says it's been hacked that involved “unauthorized access to certain internal Vercel systems.” Some customers' affected, though it's not clear if any data was taken. Doesn't say what the security incident is, though, exactly. Unclear…
-
r/webdev
r
on reddit
Vercel Security Incident - rotate keys if you use their hosting
-
Eric Wise
Eric Wise
on linkedin
Oh look, a major breach *checks notes* — Yep, AI — https://lnkd.in/...
-
Mack Nevill
Mack Nevill
on linkedin
Vercel disclosed a platform breach yesterday, and the hacker group allegedly responsible are offering the dump for $2M on the darkweb right now. …
-
@gergelyorosz
Gergely Orosz
on x
I've confirmed that Context .ai was “audited” by Delve for SOC2 Redirects now deleted but https://trust.context.ai/ used to redirect to Delve themselves You cannot make this up...
-
@cramforce
Malte Ubl
on x
Because I've seen confusion about this: Context[.]ai is not the same company as the one that OpenAI acquired last April. We suspect the current owner, formerly known as context[.]inc, acquired the domain after that acquisition.
-
@steventey
Steven Tey
on x
Biggest takeaway from this: 3rd-party Google OAuth Apps that request scopes beyond the basic info (name/user/profile pic) is a dangerous attack vector. To safeguard your org from attacks like this, highly recommend asking your Google workspace admin to restrict “unconfigured [ima…
-
@benjamindekr
Benjamin De Kraker
on x
“We believe the attacking group to be highly sophisticated and ... significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel.”
-
@gergelyorosz
Gergely Orosz
on x
The Vercel security breach is a reminder that each and every SaaS tool your team uses IS a security risk of its own - especially if they need broad data access to eg email, internet docs etc (many AI tools do just this) Security teams onboarding new vendors happens for a reason.
-
@lulumeservey
Lulu Cheng Meservey
on x
A good example — Don't wait for the investigation to be complete. Don't let PR and legal scare you into silence. Don't hide between deflections People just need to know, at a minimum, that you're personally leading the effort, that you care, that you're on it
-
@mattjay
Matt Johansen
on x
This is not a good look. Not only should Vercel's Google workspace not allowed an employee to accept all permissions to an OAuth token - to a company they weren't a paying contract holding customer of. This should've been easily detected by a number of security tools that audit […
-
@zackkorman
Zack Korman
on x
If you allow employees to authorize third party apps without admin approval then your entire vendor security review process is meaningless and you're going to get pwned. If this is true then Vercel was extremely negligent here. [image]
-
@gergelyorosz
Gergely Orosz
on x
Few things are more embarrassing for any company than to only learn from your customer that you have been breached. It's what happened with Context ai. Vercel acted as their security team. This could well be a business-ending event, as it shows the startup cannot be trusted. [ima…
-
@yuchenj_uw
Yuchen Jin
on x
> Vercel got pawned > severe enough to notify law enforcement > the only advice: “review your environment variables” > what does that even mean? > $10B company, and this is how you communicate Cyber attacks ramping fast, starting to see why Anthropic is scared to release Mythos.
-
@avgdatabaseceo
@avgdatabaseceo
on x
Vercel finally learns what it feels like to be on the receiving end of an outrageous surprise bill.
-
@shawmakesmagic
Shaw
on x
This vercel thing is a fucking apocalypse Hundreds possibly thousands of npm, pypi etc tokens not to mention tents of thousands of email, cloud provider keys etc Like why was this not encrypted what the actual fuck
-
@vtahowe
Allie Howe
on x
“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity” Speed has always mattered in security response but now it's imperative I'll be leading a panel at AI Council in SF next
-
Shubham Sharma
Shubham Sharma
on linkedin
Woke up to the Vercel security incident blowing up on X this morning. — First thing I did: — Rotated all environment variables on Vercel …
-
r/technology
r
on reddit
Cloud development platform Vercel confirms security breach
-
r/vercel
r
on reddit
Vercel confirms breach as hackers claim to be selling stolen data