ON 21 April 2026, Vercel confirmed a cyber-incident described as highly sophisticated, arising after a third‑party tool was used by an employee. According to InfoSecurity Magazine, the attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive.
Vercel added that environment variables marked as “sensitive” are stored so they cannot be read, and there is currently no evidence that those values were accessed. DataBreaches[.]net also notes that someone posting as “ShinyHunters” claimed responsibility for the site and data leakage, but the real ShinyHunters account denied involvement and there is no listing for Vercel on their leak site as of writing.
The updated notice appeared on 21 April, with the report highlighting the nature of the access and the company’s assurances regarding the sensitivity of stored data.