Vercel Breach: ShinyHunters Sell Stolen Data for $2 Million

Severity: High (Score: 70.5)

Sources: Kucoin, Theblock.Co, Tech.Yahoo, Theverge, Bleepingcomputer

Summary

On April 19, 2026, Vercel confirmed a security breach involving unauthorized access to its internal systems, affecting a limited number of customers. The attackers, claiming to be part of the ShinyHunters group, are attempting to sell sensitive data, including employee records, access keys, and source code, for $2 million on BreachForums. The breach is believed to have originated from a compromised third-party AI tool associated with Google Workspace. Vercel has engaged incident response experts and notified law enforcement while advising customers to review and rotate their environment variables. The incident raises significant concerns for Web3 projects that rely on Vercel for hosting, as any exposed API keys or tokens could lead to further exploitation. The full scope of the impact is still under investigation, with Vercel emphasizing that its services remain operational. Key Points: • Vercel's internal systems were breached, affecting a limited number of customers. • The attackers are selling sensitive data for $2 million, claiming affiliation with ShinyHunters. • Vercel advises customers to rotate environment variables and review security practices.

Key Entities

• ShinyHunters (apt_group)
• Data Breach (attack_type)
• Rockstar Games (company)
• Vercel (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com (domain)
• beincrypto.com (domain)
• weex.com (domain)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)
• GitHub (platform)
• Google Workspace (platform)
• Npm (tool)