Vercel disclosed unauthorized access to certain internal systems after a threat actor claimed to have breached its environment and offered stolen data for sale. The company says a limited subset of customers were affected, services remain operational, and it has engaged incident responders while advising customers to review and rotate secrets. #ShinyHunters #Vercel
Keypoints
- Vercel confirmed unauthorized access to certain internal systems affecting a limited subset of customers.
- A threat actor claiming to be ShinyHunters posted offers to sell access keys, source code, and database data.
- Vercel says its services are not impacted and has engaged incident response experts and law enforcement.
- Customers are advised to review environment variables, enable sensitive variable protections, and rotate secrets.
- The attacker shared employee records and screenshots, but the authenticity of the data has not been independently verified.