How Hackers Stole Data from Vercel by Breaking Into a Partner Company First
Vercel, a major web hosting platform, confirmed that hackers stole customer data by first breaking into Context AI and using stolen credentials to access Vercel systems. This supply chain attack highl
On April 20, 2026, Vercel announced that hackers had stolen customer data from its platform. The theft happened because attackers first broke into Context AI, a separate company, and then used what they found there to get into Vercel's systems. This type of attack—breaking into one company to reach another—is called a supply chain attack.
TechCrunch reported that the attackers claimed they were trying to sell the stolen data for $2 million on illegal underground websites.
How the Attack Worked
The trouble started when Context AI was hacked first. We don't know exactly how that happened yet. But once inside Context AI, the attackers found login credentials or access codes that also worked for Vercel—because the two companies shared authentication systems, the digital equivalent of shared master keys. Using those credentials, the hackers were able to log into at least one Vercel employee's account.
That employee's account had high-level access to customer data. The attackers used it to find and steal customer information, then covered their tracks well enough to avoid detection for a while.
Why This Matters for Online Services
Vercel hosts websites and apps for thousands of customers. Like most modern online platforms, it connects to many other services and uses shared login systems across the developer ecosystem. Think of it like a building where residents share a master key system with neighboring buildings for convenience—if someone steals keys from the neighboring building, they can let themselves into your home.
Worth flagging: The attackers got into an employee account with high permissions, which means they probably obtained the password or access token through credential theft, password-guessing attacks, or social engineering. This is a particular problem with platforms like Vercel, where employees often have broad access to all customer accounts.
The underlying issue is that when one company's security fails, it puts all the companies connected to it at risk.
What Data Was Stolen
Vercel hasn't yet said exactly what information the hackers took or how many customers were affected. In breaches of hosting platforms like this, stolen data usually includes things like:
- Login credentials and API keys (digital passwords)
- Configuration settings for how services run
- Database connection information
- Source code for applications
We've Seen This Before
This isn't the first time a breach has rippled through the technology supply chain. In 2020, hackers broke into SolarWinds, a company whose software is used by thousands of other organizations. From there, they reached dozens of major companies and government agencies.
The Vercel breach follows the same pattern. The developer tools sector—companies like Vercel, GitHub, and GitLab—has become a popular target for sophisticated attackers specifically because these companies hold the keys to so many other businesses. Compromise one, and you gain a foothold in many others.
What Happens Next
Analysis: This breach will likely push companies to adopt stronger security practices, like zero-trust architecture, which means treating every login and access request as potentially risky, even from people who are supposed to be trusted. Organizations may also start watching more carefully for suspicious use of shared login credentials across multiple services.
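One way to watch for suspicious use of shared credentials across services, shown as an added example that is not from Vercel or the reporting above: learn where each shared credential is normally used, then flag later sign-ins that cross to a new service or come from a new network. The event fields, service names, accounts and credential fingerprints are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sign-in events (not from the incident): time, service, account,
# fingerprint of the credential, and source network (documentation ASNs).
EVENTS = [
    ("2026-04-01T09:00:00", "partner-app", "dev@example.com", "tok-a1", "AS64500"),
    ("2026-04-01T09:05:00", "hosting-admin", "dev@example.com", "tok-a1", "AS64500"),
    ("2026-04-01T10:00:00", "partner-app", "svc@example.com", "tok-c3", "AS64500"),
    ("2026-04-02T09:01:00", "hosting-admin", "dev@example.com", "tok-a1", "AS64500"),
    ("2026-04-03T02:14:00", "hosting-admin", "dev@example.com", "tok-a1", "AS64511"),
    ("2026-04-03T02:16:00", "hosting-admin", "svc@example.com", "tok-c3", "AS64511"),
    ("2026-04-03T02:20:00", "partner-app", "ops@example.com", "tok-b2", "AS64501"),
    ("2026-04-03T09:00:00", "partner-app", "dev@example.com", "tok-a1", "AS64500"),
]

def flag_shared_credential_use(events, baseline_end):
    """Return post-baseline events where a multi-service credential breaks its baseline."""
    cutoff = datetime.fromisoformat(baseline_end)
    services = defaultdict(set)  # credential -> services it was used on in the baseline
    sources = defaultdict(set)   # credential -> networks it was used from in the baseline
    findings = []
    for ts, service, account, cred, source in sorted(events):
        if datetime.fromisoformat(ts) < cutoff:
            services[cred].add(service)
            sources[cred].add(source)
            continue
        reasons = []
        # A credential with no baseline is left to other rules: nothing to compare against.
        if services[cred] and service not in services[cred]:
            reasons.append("credential crossed to a new service")
        if sources[cred] and source not in sources[cred]:
            reasons.append("new source network")
        # Only report credentials that are valid on more than one service.
        if reasons and len(services[cred] | {service}) > 1:
            findings.append((ts, service, account, cred, reasons))
        # Flagged events are deliberately not added to the baseline.
    return findings

if __name__ == "__main__":
    for finding in flag_shared_credential_use(EVENTS, "2026-04-03T00:00:00"):
        print(finding)
```
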
For customers affected by the Vercel breach, the immediate steps are clear: change any passwords or API keys stored in Vercel, check for unexpected changes to their deployed sites, and watch for unusual activity from their connected systems.
In this author's view, this incident should serve as a wake-up call for anyone using hosted platforms. You should audit which third-party services you depend on and build your security around the assumption that even trusted services can be compromised. Don't rely solely on a vendor's security promise—prepare for the possibility of breach.


