Vercel has confirmed a security breach involving unauthorized access to internal systems. A threat actor claiming to be ShinyHunters posted on a hacking forum offering to sell stolen data including access keys, source code, database data, API keys, and NPM/GitHub tokens. The attacker shared a file with 580 Vercel employee records and a screenshot of an internal dashboard as proof. A $2 million ransom demand was allegedly discussed. Vercel says its services remain operational and is advising affected customers to rotate secrets and review environment variables. The actual ShinyHunters group has denied involvement.
Table of contents
Hacker claims to be selling stolen Vercel data99% of What Mythos Found Is Still Unpatched.Sort: