Vercel confirms security incident

The application hosting and development platform Vercel has confirmed a security incident involving unauthorized access to its internal systems.

The incident was disclosed on April 19, 2026. The company stated that an investigation is already underway, incident response specialists have been engaged, and law enforcement has been notified.

According to official information, a subset of customers working directly with Vercel has been affected. At the same time, the platform itself continues to operate normally.

Based on additional findings and discussions, the incident may be linked to the compromise of a third-party tool that had access to Google Workspace via OAuth. The company has also recommended that users rotate their secrets, indirectly indicating a potential risk of credential exposure.

💬 Discuss