Vercel just confirmed an internal breach, and your non-sensitive env vars may be exposed

Vercel has confirmed unauthorized access to its internal systems, while the hacking group ShinyHunters claims to be selling stolen source code and database information for $2 million.

Key Points

  • Vercel officially confirmed a security breach involving unauthorized access to internal systems and has notified law enforcement.
  • The hacking group ShinyHunters claims to possess Vercel’s source code, database, and access keys, offering the data for $2 million in Bitcoin.
  • Vercel is currently investigating the incident and has begun notifying a limited number of affected customers.
  • Customers are advised to immediately review and rotate all environment variables and sensitive secrets as a precautionary security measure.
  • ShinyHunters alleges the breach could facilitate a major supply chain attack, citing Vercel’s high volume of weekly Next.js downloads.

Why it Matters

This breach poses a significant security risk to developers and companies that rely on Vercel’s infrastructure for hosting and deployment. If the claims regarding source code and access keys are accurate, the incident could lead to widespread supply chain vulnerabilities across the software ecosystem.

Published by Simon Batt, XDA Developers