CEO Guillermo Rauch said the company acted fast, asking affected users to rotate certain environment variables and confirming with GitHub that their npm packages are safe.
Only a small group of customers were hit.
Now, Vercel is working with cybersecurity experts and law enforcement to investigate further, while also recommending stronger security steps like multi-factor authentication to help keep everyone safer moving forward.