Vercel Confirms Security Breach as ShinyHunters Claims to Sell Stolen Data and Demands $2 Million Ransom

Vercel confirms a security breach after attackers compromise an employee's Google Workspace account via third-party AI platform Context.ai, exposing internal systems and unencrypted environment variables, while threat actor ShinyHunters claims to be selling stolen data — including source code, API tokens, and records on 580 employees — and demanding a $2 million ransom.

• Vercel confirms a security breach stemming from a compromised employee Google Workspace account tied to a third-party AI platform, Context.ai, which allowed attackers to access internal systems and unencrypted environment variables.
• A threat actor claiming to be ShinyHunters is selling stolen Vercel data on hacking forums, including access keys, source code, API tokens, and records on 580 employees, while allegedly demanding a $2 million ransom.
• Vercel is urging customers to review their environment variables and enable the sensitive variable feature to ensure encryption at rest, while confirming that core services, Next.js, and Turbopack remain unaffected.