Vercel, a widely used cloud platform for developing and deploying apps, has disclosed a breach of its internal systems, and says a “limited subset of customers” is affected.
The incident came to light on Sunday and the company says it has brought in an incident response provider to investigate the intrusion. Details of the intrusion are scant at this point.
“We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses,” the company said in a statement.
“At this time, we have identified a limited subset of customers that were impacted and are engaging with them directly.”
Vercel provides a wide range of services for developers and enterprises, and has a number of offerings that are focused on agentic AI workloads.
Posts online have connected the Vercel intrusion to the ShinyHunters threat group, which has targeted a wide range of organizations, often through a combination of social engineering tactics and vulnerability exploitation. The group often makes financial demands of compromised companies and sells access to the data it steals and systems it has compromised through online forums.
Vercel did not specify which of its systems were compromised or how many of its customers are affected.