**Vercel**, a popular cloud platform providing hosting and deployment infrastructure for developers, has disclosed a security incident after a threat actor claimed unauthorized access to its systems. Vercel is widely recognized for its development of **Next.js**, a widely used React framework, and its suite of services including serverless functions, edge computing, and CI/CD pipelines. ### Security Bulletin In a security bulletin published today, **Vercel** stated that a limited subset of customers was affected by the breach. "We've identified a security incident that involved unauthorized access to certain internal Vercel systems," **Vercel** warns. The company is actively investigating, has engaged incident response experts, and has notified law enforcement. They assure that services remain unaffected and are working directly with impacted customers. **Vercel** is advising customers to review environment variables, utilize its sensitive environment variable feature, and rotate secrets as needed. ### Hacker Claims and Allegations The disclosure follows a post on a hacking forum by a threat actor claiming to be "**ShinyHunters**," offering access to allegedly stolen **Vercel** data. It's important to note that individuals linked to recent attacks attributed to the **ShinyHunters** extortion group have denied involvement in this incident to BleepingComputer. The hacker claims to be selling access keys, source code, database data, internal deployments, and API keys, including **NPM** and **GitHub** tokens. "This is just from Linear as proof, but the access I'm about to give you includes multiple employee accounts with access to several internal deployments, API keys (including some NPM tokens and some GitHub tokens)," the forum post reads.  **A screenshot of a forum post shared by the threat actor on Telegram** The attacker also shared a text file containing information on 580 **Vercel** employees, including names, email addresses, account status, and activity timestamps, along with a screenshot of what appears to be an internal **Vercel** Enterprise dashboard. BleepingComputer has not independently verified the authenticity of the data or screenshot. In Telegram messages, the threat actor claimed to have contacted **Vercel** and discussed a potential $2 million ransom demand. BleepingComputer has reached out to **Vercel** for clarification regarding the exposed data, credentials, and ransom negotiations, and will provide updates as they become available.