Next.js Creator Vercel Hacked

Vercel confirmed on Sunday that it has suffered an intrusion after a hacker offered to sell data allegedly stolen from the company’s systems. Vercel is best known as the company behind Next.js, the popular open source React framework for building web applications. It’s also known for its frontend cloud platform, which makes it easy to deploy, scale, and host web apps. A hacker using the online moniker ShinyHunters announced on BreachForums on April 19 the sale of Vercel databases, access keys, employee accounts, and source code, offering it for $2 million. “This could be the largest supply chain attack ever if done right”, the hacker said.  In a security incident notice published on Sunday and continuously updated since, Vercel confirmed unauthorized access to certain internal systems. The company says its investigation is ongoing, but it has confirmed that the credentials of a “limited subset of customers” were compromised. Impacted users have been notified and instructed to reset credentials. “The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” Vercel said. “The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive’.” Vercel CEO Guillermo Rauch explained in a post on X, “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.” Hudson Rock, a threat intelligence firm specializing in infostealer malware, reported that the Lumma stealer obtained a Context.ai employee’s credentials in February 2026, which may have facilitated the Vercel hack.  The BreachForums post offering the Vercel data appears to have been deleted, and the ShinyHunters group has reportedly denied being responsible for the attack. It remains to be seen whether the cybercrime group names Vercel on its data leak website. Vercel has promised to share more information as its investigation progresses.  Related: Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack Related: European Commission Reports Cyber Intrusion and Data Theft Related: Nightclub Giant RCI Hospitality Reports Data Breach WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Another DraftKings Hacker Sentenced to Prison Recent Apache ActiveMQ Vulnerability Exploited in the Wild ZionSiphon Malware Targets ICS in Water Facilities OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal Data Breach at Tennessee Hospital Affects 337,000 Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments Exploited Vulnerability Exposes Nginx Servers to Hacking Latest News Hackers Abuse QEMU for Defense Evasion Bluesky Disrupted by Sophisticated DDoS Attack Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House Half of the 6 Million Internet-Facing FTP Servers Lack Encryption Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology CoChat Launches AI Collaboration Platform to Combat Shadow AI Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Anti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors. ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer. Thomas Bain has been appointed Chief Marketing Officer at Silent Push. More People On The Move Expert Insights Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Email