Vercel Confirms Security Breach, Customer Accounts Compromised
Key Takeaways Web infrastructure platform Vercel suffered a security breach stemming from the compromise of a third-party AI tool, Context.ai, used by an employee. Unauthorized access to...
Key Takeaways
- Web infrastructure platform Vercel suffered a security breach stemming from the compromise of a third-party AI tool, Context.ai, used by an employee.
- Unauthorized access to Vercel’s internal systems led to the compromise of non-sensitive environment variables for a subset of customer accounts, including API keys and database credentials.
- The attack chain involved a Lumma Stealer infection on a Context.ai employee’s machine, leading to stolen OAuth tokens used to access Vercel’s environment.
- Vercel has urged customers to rotate non-sensitive credentials, enable multi-factor authentication, and mark future secrets as sensitive.
Vercel Confirms Security Breach After Third-Party Compromise
Vercel, a prominent web infrastructure platform, has officially confirmed a significant security incident involving unauthorized access to its internal systems. The company’s investigation pinpointed the origin of the breach to Context.ai, an AI productivity tool provided by a third party, which was in use by one of Vercel’s employees.
Table Of Content
According to a security bulletin released by Vercel on April 19, 2026, threat actors successfully infiltrated their internal network. The entry point was identified as a compromised Google Workspace OAuth application associated with Context.ai.
Leveraging this initial access, the attackers subsequently hijacked a specific Vercel employee’s Google Workspace account. This allowed them to pivot further into Vercel’s internal environment, where they proceeded to enumerate and decrypt non-sensitive environment variables.
Industry analysts have characterized this incident as a classic OAuth supply chain attack. Context.ai, a developer of AI evaluation and analytics tools, integrates its “Office Suite” consumer application with Google Workspace using OAuth.
The compromise at Context.ai originated from a Lumma Stealer malware infection detected in February 2026 on one of their employee’s machines. This infection facilitated the collection of OAuth tokens by the threat actor in March, which were then weaponized to gain unauthorized access to Vercel’s corporate environment.
Attack Chain and Customer Impact
Security firm OX Security detailed that the intrusion began when the Vercel employee installed the Context.ai browser extension and authenticated using their enterprise Google account, granting broad “Allow All” permissions.
Initially, Vercel identified a limited number of customers whose non-sensitive environment variables had been compromised. These variables included API keys, various tokens, database credentials, and signing keys. The company promptly contacted these affected customers, advising them to rotate their credentials.
Following a more extensive investigation, Vercel uncovered two additional critical findings: a small number of further customer accounts were identified as compromised in this specific incident. Furthermore, a separate set of customer accounts exhibited signs of prior, independent compromise, potentially stemming from social engineering tactics or other malware infections.
Crucially, Vercel emphasized that environment variables explicitly marked as “sensitive” within their platform, which are stored in an encrypted and non-readable format, showed no evidence of unauthorized access.
Vercel CEO Guillermo Rauch described the perpetrator as “highly sophisticated,” citing their rapid operational tempo and deep understanding of Vercel’s product API surface.
A threat actor operating under the alias ShinyHunters has since publicly claimed responsibility for the breach. Reports indicate attempts by ShinyHunters to sell stolen data, purportedly including internal databases, source code, and employee records, for $2 million on various underground cybercriminal forums. Vercel, however, stated it has not received any ransom communication from this threat actor.
In a collaborative effort with GitHub, Microsoft, npm, and Socket, Vercel’s security team has confirmed that no Vercel-published npm packages have been compromised, ensuring the integrity of the software supply chain.
Vercel has also published a crucial Indicator of Compromise (IOC) for the wider security community: the OAuth App Client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. Google Workspace administrators are strongly advised to immediately check for any usage of this specific OAuth application, as the Context.ai compromise may have impacted numerous users across various organizations.
The company has engaged Google Mandiant and additional cybersecurity firms to assist with the ongoing investigation and remediation efforts. Vercel also stated it is actively implementing product enhancements, including stronger default settings for environment variable management and improved security oversight tools.
What You Should Do
- Immediately rotate all non-sensitive environment variables: This includes API keys, tokens, database credentials, and signing keys. Deleting a project or account alone is insufficient to mitigate the risk.
- Enable multi-factor authentication (MFA): Utilize an authenticator app or passkey for enhanced account security.
- Mark future secrets as “sensitive”: Configure all new secrets as “sensitive” to ensure they are stored in an encrypted, non-readable format, preventing dashboard readability.
- Review activity logs: Regularly check activity logs in your Vercel dashboard or CLI for any suspicious or unauthorized behavior.
- Audit recent deployments: Verify recent deployments for unexpected or unauthorized activity and ensure that Deployment Protection is set to “Standard” as a minimum.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.