According to ChainCatcher, 23pds, Chief Information Security Officer of SlowMist Technology, retweeted that the unauthorized access to Vercel's internal systems is suspected to be related to an internal data breach.
Related tweets indicate that someone on BreachForums, calling themselves ShinyHunters, is offering to sell alleged internal Vercel databases, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens for $2 million. The data appears to involve Vercel's internal Linear system and internal user management system. Previously, Vercel, the cloud hosting platform, disclosed that its internal systems had been accessed without authorization, affecting a small number of customers.
