# Vercel security breach traced to compromised third-party AI tool

_Sunday, April 19, 2026 at 8:08 PM EDT · Cybersecurity, AI · Latest · Tier 2 — Notable_

![Vercel security breach traced to compromised third-party AI tool — Primary](https://platform.theverge.com/wp-content/uploads/sites/2/2026/04/Screenshot-2026-04-19-at-3.53.46PM.png?quality=90&strip=all&crop=0%2C10.355779531361%2C100%2C79.288440937278&w=1200)

Vercel, a cloud development platform used to host and deploy web applications, has suffered a security breach with hackers attempting to sell stolen data.

A person claiming affiliation with the ShinyHunters hacking group posted employee names, email addresses, and activity timestamps online. Vercel confirmed the incident in a social media post, stating it affected a "limited subset" of customers.

The company said the attack originated from a compromised third-party AI tool. Vercel's investigation revealed the incident came from a third-party AI tool whose Google Workspace OAuth app was subject to broader compromise, potentially affecting hundreds of users across multiple organizations.

Administrators are advised to review activity logs for suspicious behavior and rotate environmental variables as a precaution. Vercel published indicators of compromise to help other organizations detect potential malicious activity.

## Sources

- [The Verge](https://www.theverge.com/tech/914723/vercel-hacked)

---
Canonical: https://techandbusiness.org/newswire/Azr6jnPnblfJFZmxqEDIVC
Retrieved: 2026-04-20T03:57:34.840Z
Publisher: Tech & Business (techandbusiness.org)