Vercel, the cloud deployment platform that powers a significant slice of the modern web, confirmed on Sunday that attackers gained unauthorized access to its internal systems — and that a threat actor is now selling what they claim is the stolen data on BreachForums, asking million with an initial payment of ,000 in Bitcoin.
The company published a security bulletin acknowledging the incident and stating that a "limited subset of customers" was affected. It has notified law enforcement, engaged external incident response specialists, and says it has directly contacted known affected customers. Vercel's services, it noted, remain operational. The bulletin was careful to describe exposed environment variables as "non-sensitive" — a characterization that security researchers are already disputing.
The attack vector was not a direct breach of Vercel's own perimeter. According to the company's account, the entry point was a small third-party AI tool whose Google Workspace OAuth application was independently compromised. That tool had access to internal Vercel systems, and when the OAuth app fell, so did that access. In other words: Vercel did not get hacked so much as it got hacked through a vendor that got hacked — the exact kind of supply chain exposure that every enterprise security team has nightmares about and that most corporate procurement processes still fail to adequately screen.
The group claiming credit posted under a name associated with ShinyHunters, though individuals linked to the broader ShinyHunters network have separately told BleepingComputer they are not involved in this specific incident. Attribution in the ransomware-adjacent hacking ecosystem is frequently murky. What is not murky is the list of materials on offer: access keys, source code, employee account credentials, API keys, NPM tokens, GitHub tokens, and data from Vercel's internal Linear project management system.
That last item — NPM tokens — is what has the security community most concerned. Vercel hosts Next.js, which sees roughly 6 million weekly downloads. The framework is not just popular; it is infrastructure. A credible release-path compromise at Vercel would not be a single-company incident. It would be a supply chain attack with the potential to affect millions of downstream projects and the developers who trust them. Vercel has been down this road before: in September 2025, a supply chain attack compromised 18 high-profile NPM packages with over two billion combined weekly downloads. The company responded publicly and, by most accounts, competently. That prior incident makes this one land harder, not softer.
The timing is spectacular in its inconvenience. Six days ago, Vercel CEO Guillermo Rauch was publicly signaling IPO readiness, telling the HumanX conference that the company was "ready and getting more ready every day." The company's ARR has grown from million at the start of 2024 to a million run rate as of February 2026, fueled in part by the explosion in AI-generated applications — 30 percent of apps running on the platform now originate from AI agents. A security incident of this profile, confirmed days after the CEO waved the IPO flag, is exactly the kind of event that complicates a prospectus.
If you are a Vercel customer: rotate your secrets. The company is recommending review of environment variables and use of its sensitive environment variable feature. Do not wait for confirmation that your account was specifically affected. The cost of rotating credentials is low. The cost of not rotating them, if the stolen data is as comprehensive as the attackers claim, is considerably higher.
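One way to turn that advice into a repeatable check, as an added example that is not from the article or from Vercel: the script below triages an environment-variable listing and produces a rotation plan. It assumes the listing has the shape this example gives it (an `envs` array with `id`, `key`, `type` and `target`, which is how this example models the project env endpoint) and that the `create_body` request shape is an assumption; the sample listing and the `SECRET_HINT` naming heuristic are constructed for illustration.

```python
import json
import re

# Constructed sample listing, in the shape this example assumes for a Vercel
# project's environment variables ({"envs": [{id, key, type, target}, ...]}).
SAMPLE_LISTING = json.dumps({"envs": [
    {"id": "env_1", "key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
    {"id": "env_2", "key": "STRIPE_SECRET_KEY", "type": "plain", "target": ["production", "preview"]},
    {"id": "env_3", "key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production"]},
    {"id": "env_4", "key": "GITHUB_TOKEN", "type": "sensitive", "target": ["production"]},
    {"id": "env_5", "key": "NEXT_PUBLIC_API_KEY", "type": "plain", "target": ["production"]},
]})

# Key names that usually hold credentials; tune this to your own naming convention.
SECRET_HINT = re.compile(r"SECRET|TOKEN|KEY|PASSW|PRIVATE|CREDENTIAL|DSN|_URL$", re.I)

def triage(listing_json: str) -> list[dict]:
    """Build a rotation plan from an env listing.

    Every credential-looking variable is rotated, because stolen values may
    already be in the attackers' hands. Variables not stored as 'sensitive'
    are additionally re-created as sensitive so their values can no longer be
    read back after creation. NEXT_PUBLIC_* values are inlined into the
    client-side bundle by Next.js, so a credential there needs to move
    server-side; marking it sensitive would not stop it reaching browsers.
    """
    plan = []
    for env in json.loads(listing_json)["envs"]:
        key = env["key"]
        if not SECRET_HINT.search(key):
            continue  # e.g. NEXT_PUBLIC_SITE_NAME: not a credential
        item = {"key": key, "id": env["id"], "actions": ["rotate"]}
        if key.startswith("NEXT_PUBLIC_"):
            item["actions"].append("move_server_side")  # shipped to browsers
        elif env["type"] != "sensitive":
            item["actions"].append("recreate_as_sensitive")
            # Assumed request body for re-creating the variable; the operator
            # fills in the value after rotating the credential at its issuer.
            item["create_body"] = {"key": key, "value": "<NEW VALUE>",
                                   "type": "sensitive", "target": env["target"]}
        plan.append(item)
    return plan

if __name__ == "__main__":
    for item in triage(SAMPLE_LISTING):
        print(item["key"], "->", ", ".join(item["actions"]))
```

Rotation means issuing a new credential at its source (database, payment provider, GitHub, npm) and revoking the old one; updating the variable on the platform alone leaves the stolen value valid.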
Vercel has not confirmed the full scope of what was taken. Investigations of this kind rarely resolve quickly, and the gap between what a company knows and what it can say publicly tends to be widest in the first 72 hours. Expect updates.