Vercel internal data is being sold on hacking forums for a price of 2 million USD, with an opening bid of 500k USD in equivalent BTC

ME News Report, April 20 (UTC+8), according to a post by community user Ryan on the X platform, a user claiming to be affiliated with ShinyHunters on the hacker forum BreachForums posted that they are selling an internal Vercel database, access keys, and source code, with a price of about $2 million (starting bid of $500k in BTC). The post claims the data includes employee account permissions, API keys, NPM and GitHub tokens, and other sensitive information, and hints it could be used for "supply chain attacks." Screenshots suspected to be from Vercel's internal systems (including Linear and user management panels) show fields such as user ID, email, and admin permissions.

It is reported that Vercel contacted the poster via Telegram to request they stop contacting employees, indicating direct communication has occurred between the two parties. Meanwhile, Vercel's official statement confirmed that "some internal systems have been accessed without authorization," and stated that they have initiated incident response, notified law enforcement, and are communicating with affected customers.

Vercel emphasized that only a small number of customers are affected so far, the platform services are still operating normally, and advised users to check environment variable configurations and enable sensitive variable protection features. (Source: PANews)