A threat actor has listed their customers' data, source code, databases, and keys up for sale.

A security incident has been identified that involved unauthorized access to certain internal Vercel systems. Customers Vercel credentials were compromised.

As per Vercel, the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as “sensitive.”

Source: Vercel