“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,”Vercel said. “The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive’.”Vercel CEO Guillermo Rauch explained in aposton X, “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”Hudson Rock, a threat intelligence firm specializing in infostealer malware,reportedthat the Lumma stealer obtained a Context.ai employee’s credentials in February 2026, which may have facilitated the Vercel hack.The BreachForums post offering the Vercel data appears to have been deleted, and theShinyHuntersgroup has reportedlydeniedbeing responsible for the attack. It remains to be seen whether the cybercrime group names Vercel on its data leak website.Vercel has promised to share more information as its investigation progresses.Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Vercel CEO Guillermo Rauch explained in aposton X, “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”Hudson Rock, a threat intelligence firm specializing in infostealer malware,reportedthat the Lumma stealer obtained a Context.ai employee’s credentials in February 2026, which may have facilitated the Vercel hack.The BreachForums post offering the Vercel data appears to have been deleted, and theShinyHuntersgroup has reportedlydeniedbeing responsible for the attack. It remains to be seen whether the cybercrime group names Vercel on its data leak website.Vercel has promised to share more information as its investigation progresses.Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Hudson Rock, a threat intelligence firm specializing in infostealer malware,reportedthat the Lumma stealer obtained a Context.ai employee’s credentials in February 2026, which may have facilitated the Vercel hack.The BreachForums post offering the Vercel data appears to have been deleted, and theShinyHuntersgroup has reportedlydeniedbeing responsible for the attack. It remains to be seen whether the cybercrime group names Vercel on its data leak website.Vercel has promised to share more information as its investigation progresses.Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
The BreachForums post offering the Vercel data appears to have been deleted, and theShinyHuntersgroup has reportedlydeniedbeing responsible for the attack. It remains to be seen whether the cybercrime group names Vercel on its data leak website.Vercel has promised to share more information as its investigation progresses.Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Vercel has promised to share more information as its investigation progresses.Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Related:Wynn Resorts Says 21,000 Employees Affected by ShinyHunters HackRelated:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Related:European Commission Reports Cyber Intrusion and Data TheftRelated:Nightclub Giant RCI Hospitality Reports Data Breach
Related:Nightclub Giant RCI Hospitality Reports Data Breach
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.
Source: SecurityWeek
