Vercel Confirms Security Breach, Customer Accounts


Jennifer sherman
April 23, 2026

Web infrastructure platform Vercel has disclosed a significant security incident, confirming unauthorized access to its internal systems. The company traced the attack chain to a compromise of Context.ai, a third-party AI productivity tool utilized by one of its employees.

Vercel first published its security bulletin on April 19, 2026, confirming that an attacker successfully gained a foothold in its internal environment by exploiting a compromised Google Workspace OAuth application belonging to Context.ai.

The attacker leveraged that access to hijack an individual Vercel employee’s Google Workspace account, subsequently pivoting into Vercel’s internal environment to enumerate and decrypt non-sensitive environment variables.

The incident follows what analysts are calling a textbook OAuth supply chain attack. Context.ai, which builds AI evaluation and analytics tools, had integrated its “Office Suite” consumer app with Google Workspace via OAuth.

A Lumma Stealer malware infection on a Context.ai employee’s machine in February 2026 led to the threat actor collecting OAuth tokens in March; those tokens were later weaponized to access Vercel’s corporate environment.

Vercel Confirms Security Breach

Security firm OX Security noted the intrusion began when the Vercel employee installed the Context.ai browser extension and signed in using their enterprise Google account with broad “Allow All” permissions.

Vercel initially identified a limited subset of customers whose non-sensitive environment variables, including API keys, tokens, database credentials, and signing keys, were compromised and reached out to those customers immediately for credential rotation.

Vercel Breach (Source: TrendMicro)

Following an expanded investigation, the company uncovered two additional findings: a small number of additional accounts compromised in this incident, and a separate set of customer accounts showing evidence of prior, independent compromise potentially stemming from social engineering or malware.

Critically, environment variables marked as “sensitive” in Vercel, which are stored in an encrypted, non-readable format, show no evidence of being accessed.

Vercel CEO Guillermo Rauch described the attacker as “highly sophisticated” based on their operational velocity and in-depth knowledge of Vercel’s product API surface.

A threat actor operating under the ShinyHunters persona has since claimed responsibility, reportedly attempting to sell stolen data, including internal databases, source code, and employee records, for $2 million on underground cybercriminal forums. Vercel stated it has received no ransom communication from the threat actor.

In collaboration with GitHub, Microsoft, npm, and Socket, Vercel’s security team confirmed that no Vercel-published npm packages have been compromised and that the software supply chain remains intact.

Vercel is urging all customers to take the following steps immediately:

  • Rotate all non-sensitive environment variables (API keys, tokens, database credentials, signing keys) — deleting a project or account is not sufficient to eliminate risk
  • Enable multi-factor authentication using an authenticator app or passkey
  • Mark future secrets as “sensitive” to prevent them from being readable via the dashboard
  • Review activity logs in the Vercel dashboard or CLI for suspicious behavior
  • Audit recent deployments for unexpected or unauthorized activity and ensure Deployment Protection is set to Standard at a minimum

Vercel has published one Indicator of Compromise (IOC) to assist the wider security community: the OAuth App Client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.

Google Workspace administrators are advised to check for usage of this OAuth application immediately, as Context.ai’s compromise potentially affected hundreds of users across multiple organizations.
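
One way to run that check over exported OAuth token audit events is sketched below. This is an added example, not code from Vercel or Google. It assumes records shaped like Admin SDK Reports API `token` activities (`authorize` and `revoke` events carrying `client_id` and `scope` parameters); the sample users, the second client ID and the function names are constructed for illustration.

```python
# IOC published by Vercel, copied from the article.
IOC_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _act(time, email, name, client_id, scopes):
    """Build one constructed record shaped like a Reports API 'token' activity."""
    return {"id": {"time": time, "applicationName": "token"},
            "actor": {"email": email},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample data; the users and the second client ID are made up.
SAMPLE = [
    _act("2026-03-02T09:00:00Z", "alice@example.com", "authorize", IOC_CLIENT_ID,
         ["https://www.googleapis.com/auth/drive", "https://mail.google.com/"]),
    _act("2026-03-03T10:00:00Z", "bob@example.com", "authorize",
         "000000000000-constructed.apps.googleusercontent.com", ["openid"]),
    _act("2026-03-04T11:00:00Z", "carol@example.com", "authorize", IOC_CLIENT_ID,
         ["https://www.googleapis.com/auth/userinfo.email"]),
    _act("2026-04-20T08:00:00Z", "carol@example.com", "revoke", IOC_CLIENT_ID, []),
]

def find_ioc_grants(activities, client_id=IOC_CLIENT_ID):
    """Return {user: {first_seen, scopes, revoked}} for grants to client_id."""
    hits = {}
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for act in sorted(activities, key=lambda a: a["id"]["time"]):
        user = act.get("actor", {}).get("email", "unknown")
        for ev in act.get("events", []):
            params = {p["name"]: p.get("multiValue", p.get("value"))
                      for p in ev.get("parameters", [])}
            if params.get("client_id") != client_id:
                continue
            rec = hits.setdefault(user, {"first_seen": act["id"]["time"],
                                         "scopes": set(), "revoked": False})
            if ev["name"] == "authorize":
                rec["scopes"].update(params.get("scope") or [])
                rec["revoked"] = False  # a re-grant after a revoke is live again
            elif ev["name"] == "revoke":
                rec["revoked"] = True
    return hits

def still_exposed(hits):
    """Users whose most recent event for the app is a grant, not a revoke."""
    return sorted(u for u, r in hits.items() if not r["revoked"])

if __name__ == "__main__":
    for user, rec in find_ioc_grants(SAMPLE).items():
        print(user, rec["first_seen"], "revoked" if rec["revoked"] else "ACTIVE",
              sorted(rec["scopes"]))
```

Users returned by `still_exposed` hold a live grant to the flagged app; the scopes recorded for each user show how broad the granted access was and help prioritise session and credential review.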

Vercel has engaged Google Mandiant and additional cybersecurity firms to assist with investigation and remediation, and the company says it is actively shipping product enhancements, including stronger environment variable management defaults and improved security oversight tooling.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
