VERCEL has disclosed a security breach that allowed bad actors to gain unauthorised access to certain internal Vercel systems. The incident stemmed from the compromise of Context[.]ai, a third‑party AI tool used by an employee, with the attacker then taking over the employee’s Google Workspace account to access some Vercel environments and environment variables not marked as sensitive.
Vercel says environment variables marked as sensitive are stored encrypted and that there is no evidence those values were read by the attacker. The company described the threat actor as sophisticated based on their operational velocity and detailed understanding of Vercel’s systems, and noted that a threat actor using the ShinyHunters persona has claimed responsibility for the hack, selling the stolen data for $2 million.
A limited subset of customers is said to have had credentials compromised, with Vercel contacting them to rotate their credentials and continuing to investigate the scope of the data exfiltrated.
Vercel is advising Google Workspace administrators to check the specific OAuth client 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent[.]com and has urged broader mitigations, including log reviews, rotating non‑sensitive environment variables, and deploying Deployment Protection tokens where applicable.