Vercel Confirms Data Breach Linked to ShinyHunters Group

Severity: High (Score: 66.0)

Sources: Tech.Yahoo, Bleepingcomputer, Weex, vercel.com, beincrypto.com

Summary

Vercel, a cloud development platform, reported a security breach on April 19, 2026, involving unauthorized access to its internal systems. The breach is believed to be linked to a threat actor claiming to be part of the ShinyHunters group, who is attempting to sell stolen data, including access keys, source code, and employee accounts for $2 million on BreachForums. Affected customers are limited in number, and Vercel has engaged incident response experts and notified law enforcement. The attack primarily targeted Vercel's Linear and GitHub integrations, raising concerns for crypto projects that utilize the platform. Vercel has advised users to review their environment variables and rotate any non-sensitive variables to mitigate potential risks. The investigation is ongoing, and Vercel is working to secure its systems and protect customer data. Key Points: • Vercel confirmed a security breach involving unauthorized access to internal systems. • The breach is linked to a threat actor claiming to be part of the ShinyHunters group. • Affected data includes access keys, source code, and employee accounts, with a ransom demand of $2 million.

Key Entities

• ShinyHunters (apt_group)
• Data Breach (attack_type)
• Vercel (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• beincrypto.com (domain)
• weex.com (domain)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)
• GitHub (platform)
• Npm (tool)