Vercel, a leading cloud development platform used by developers to host and deploy web applications, has confirmed a security breach that exposed customer data. The company disclosed that hackers gained access through a compromised third-party AI tool, though it did not name the specific service involved.
According to Vercel's statement on X, the incident affected a "limited subset" of customers. Meanwhile, a member of the hacking group ShinyHunters—previously linked to the Rockstar Games breach—has posted samples of stolen data online, including employee names, email addresses, and activity timestamps, and is attempting to sell the full dataset.
We’ve identified the source of the security incident as a compromised third-party AI tool and are taking immediate steps to secure our systems and notify impacted customers.
Vercel has not yet provided details on the number of customers affected or whether any sensitive code or financial information was accessed. The company is urging users to monitor their accounts for suspicious activity and has initiated an investigation into the breach. This incident highlights growing concerns about supply chain vulnerabilities in the tech industry, particularly as companies increasingly integrate third-party AI tools into their workflows.