Next.js Creator Vercel Hacked – SecurityWeek

Staff Editor 2026-04-20
Next.js Creator Vercel Hacked – SecurityWeek

Next.js Creator Vercel Hacked – SecurityWeek

https://www.securityweek.com/next-js-creator-vercel-hacked/

Publish Date: 2026-04-20 04:30:00

Source Domain: www.securityweek.com

Vercel confirmed on Sunday that it has suffered an intrusion after a hacker offered to sell data allegedly stolen from the company’s systems.

Vercel is best known as the company behind Next.js, the popular open source React framework for building web applications. It’s also known for its frontend cloud platform, which makes it easy to deploy, scale, and host web apps.

A hacker using the online moniker ShinyHunters announced on BreachForums on April 19 the sale of Vercel databases, access keys, employee accounts, and source code, offering it for $2 million.

“This could be the largest supply chain attack ever if done right”, the hacker said. 

In a security incident notice published on Sunday and continuously updated since, Vercel confirmed unauthorized access to certain internal systems.

The company says its investigation is ongoing, but it has confirmed that the credentials of a “limited subset of customers” were compromised. Impacted users have been notified and instructed to reset credentials.

Advertisement. Scroll to continue reading.

“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” Vercel said. “The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive’.”

Vercel CEO Guillermo Rauch explained in a post on X, “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”

Hudson Rock, a threat intelligence firm specializing in infostealer malware, reported that the Lumma stealer obtained a Context.ai employee’s credentials in…

Source

More Stories

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Staff Editor 2026-06-07
DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

Staff Editor 2026-06-07
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy