Analysis: Vercel Breach Suspected to Have Occurred Due to Theft of Internal Data by a Well-Known Hacker, Claimed to be Used for a Global Supply Chain Attack

BlockBeats News, April 19, according to SlowMist's Chief Security Officer 23pds retweet, "Cloud Hosting Platform Vercel's Internal System Faces Unauthorized Access," suspected to be related to an internal data leak. Previously, an account claiming to be the well-known hacker group ShinyHunters was selling Vercel's internal data for $2 million, including Vercel's internal database, access keys, source code, employee accounts (including internal deployment permissions), API keys, NPM tokens, GitHub tokens, etc., claiming it could be used for a global supply chain attack (Vercel owns ecosystems such as Next.js and Turbo.js, with Next.js having a weekly download volume of 6 million).

The hacker's disclosed accompanying screenshots show that the internal data includes Vercel's internal Linear system and internal user management system. Previously, Vercel's official team had contacted ShinyHunters on Telegram, requesting the cessation of employee harassment, indirectly confirming that Vercel was already aware of the incident.