Reddit
Vercel Breached via Compromised AI Tool — ShinyHunters Claims $2M Ransom, Employee Data and API Tokens Exposed
Vercel confirmed a security breach originating from Context.ai, a compromised third-party AI tool used by an employee, which allowed attackers to escalate into Vercel's internal systems via a hijacked Google Workspace account. A threat actor using the ShinyHunters identity claimed to sell stolen data including access keys, source code, database content, NPM/GitHub tokens, and 580 employee records for $2M. Security researchers advised all Vercel customers to rotate credentials and audit access logs between April 17-19; crypto frontends are particularly at risk given Vercel's high-profile clientele including OpenAI, Cursor, and Pinterest.
Source
↳ Follow the thread