Vercel has confirmed that threat actors gained unauthorized access to its internal systems after compromising Context.ai, a third-party AI tool used by a Vercel employee.
Known for the Next.js React framework, the cloud development platform disclosed the incident in a security bulletin. Mandiant, law enforcement, and Context.ai are all assisting with the investigation.
After hijacking the employee’s Google Workspace account through a malicious OAuth application, the attackers pivoted into Vercel environments.
The breach comes at a sensitive moment: Vercel CEO Guillermo Rauch signalled IPO readiness in an interview with TechCrunch last week, with the company reporting an annual recurring revenue run rate of $340 million.
“We have numerous defense-in-depth mechanisms to protect core systems and customer data,” said Guillermo Rauch, CEO of Vercel, in a post on X on April 20.
While all customer environment variables are encrypted at rest, Rauch said the attacker gained additional access by enumerating variables that users had designated as non-sensitive.
A limited subset of customers was affected. Those users have been contacted directly and told to rotate credentials.
Vercel confirmed that Next.js, Turbopack, and its other open-source projects remain unaffected.
Hudson Rock Links Entry Point to February Lumma Stealer Infection
According to research published April 20 by Hudson Rock, a Context.ai employee was infected with Lumma Stealer in February 2026. The malware harvested Google Workspace credentials along with Supabase, Datadog, and Authkit logins.
Among the stolen records was the “[email protected]” account, assessed as a core member of the context-inc Vercel team. That access likely enabled privilege escalation into Vercel infrastructure.
The initial infection vector, according to the logs, was a Roblox auto-farm script, a common delivery method for infostealer malware.
To further complicate matters, the actual ShinyHunters group has since denied involvement in the incident to BleepingComputer, suggesting the attacker may be using the name to inflate perceived credibility. The stolen data is reportedly being offered for USD 2 million, with samples including 580 records of Vercel employee information.
Expert Insights has not been able to independently verify these files at the time of writing.
As mitigations, Vercel is advising Google Workspace administrators to audit for the OAuth application ID “110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com”, review deployment activity, and rotate any non-sensitive environment variables that contain secrets.
The company has also rolled out an environment variables overview page and an improved interface for managing sensitive values in its dashboard.
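The OAuth audit Vercel recommends can be scripted against exported Google Workspace token audit events. The sketch below is an added example, not code from Vercel or Google; it assumes a JSON export in the shape of Admin SDK Reports API `token` activities (`authorize` and `revoke` events carrying `client_id` and `scope` parameters), and the users, timestamps and second client ID in the sample are constructed.

```python
import json

# OAuth client ID named in the advisory quoted above.
FLAGGED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _activity(time, email, event, client_id, scopes):
    """Build one constructed record in the assumed Reports API 'token' activity shape."""
    return {"id": {"time": time, "applicationName": "token"},
            "actor": {"email": email},
            "events": [{"name": event, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample export (users, times and the second client ID are made up).
SAMPLE_EXPORT = json.dumps({"items": [
    _activity("2026-03-02T09:14:00Z", "carol@example.com", "revoke", FLAGGED_CLIENT_ID, []),
    _activity("2026-02-20T11:00:00Z", "carol@example.com", "authorize", FLAGGED_CLIENT_ID,
              ["https://www.googleapis.com/auth/drive.readonly"]),
    _activity("2026-02-18T16:30:00Z", "alice@example.com", "authorize", FLAGGED_CLIENT_ID,
              ["https://www.googleapis.com/auth/gmail.readonly", "openid"]),
    _activity("2026-02-18T16:31:00Z", "bob@example.com", "authorize",
              "000000000000-constructed.apps.googleusercontent.com", ["openid"]),
]})

def find_grants(export_json, client_id=FLAGGED_CLIENT_ID):
    """Replay token events oldest-first; return {user: grant state} for client_id."""
    state = {}
    items = json.loads(export_json).get("items", [])
    for act in sorted(items, key=lambda a: a["id"]["time"]):
        user = act.get("actor", {}).get("email", "<unknown>")
        for ev in act.get("events", []):
            params = {p["name"]: p.get("multiValue", p.get("value"))
                      for p in ev.get("parameters", [])}
            if params.get("client_id") != client_id:
                continue
            rec = state.setdefault(user, {"active": False, "scopes": set(),
                                          "first_seen": act["id"]["time"]})
            if ev.get("name") == "authorize":
                rec["active"] = True
                scopes = params.get("scope") or []
                rec["scopes"].update([scopes] if isinstance(scopes, str) else scopes)
            elif ev.get("name") == "revoke":
                rec["active"] = False  # grant withdrawn; granted scopes kept for review

    return state

if __name__ == "__main__":
    for user, rec in sorted(find_grants(SAMPLE_EXPORT).items()):
        status = "STILL ACTIVE" if rec["active"] else "revoked"
        print(f"{user}: {status}, first seen {rec['first_seen']}, scopes={sorted(rec['scopes'])}")
```

Users reported as still active hold a live grant to the flagged application; users whose grant was later revoked are still worth reviewing for the period between `first_seen` and the revocation.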