ShinyHunters - the hacking group behind the 2024 Rockstar Games attack - has breached Vercel, one of the most widely used platforms for deploying web applications. Vercel confirmed the breach. A person claiming membership in the group posted samples of stolen data online, including employee names, email addresses, and activity timestamps, and is now attempting to sell the full dataset.
Vercel hosts and deploys web apps for millions of developers, which makes it an especially attractive target. A breach here doesn't just expose one company's internal records - it puts attackers in proximity to developer credentials, environment variables (the configuration secrets apps use to authenticate with databases and external services), and deployment pipelines. The confirmed stolen data is currently limited to employee records, but the full scope is still being established.
ShinyHunters' playbook is consistent: they breach infrastructure platforms, extract data, post samples as proof of access, then sell the full haul on criminal forums. In 2024 they hit over 160 companies by targeting Snowflake customers, including Ticketmaster and Santander, before the Rockstar Games attack that leaked Grand Theft Auto VI footage. Vercel fits the same profile - high-value infrastructure sitting behind a large number of other products.
For developers with active Vercel accounts, the immediate steps are: rotate any personal access tokens, audit project environment variables for credentials that should be cycled, and enable two-factor authentication if it isn't already on. Don't wait for a detailed post-mortem before acting.