Vercel, one of the biggest platforms for deploying web apps, just confirmed it was breached. The attackers are already trying to sell stolen data online.
Someone claiming to be from ShinyHunters (the group that hit Rockstar Games) posted employee names, email addresses, and activity timestamps as proof. Vercel says a "limited subset" of customers were impacted, but hasn't shared how many.
Here's the interesting part: the hackers got in through a compromised third-party AI tool. Vercel didn't name which tool, but this is becoming a pattern. As companies rush to integrate AI services, each one becomes a potential entry point.
If you're using Vercel for production apps, keep an eye on your account for any unusual activity. The company is investigating, but details are still sparse.
This matters because supply chain attacks through AI tools are the new frontier. Every AI service you plug into your stack is another vendor to trust with your security. It's worth auditing what AI tools have access to your systems and data.
ShinyHunters has a track record of major breaches, so this isn't some amateur operation. They know how to monetize stolen data, which means whatever they grabbed could end up in the wrong hands fast.
