Bulut Caner

The $2 Million Permission You Forgot You Granted

At some point you clicked “Login with Google” (or another account) on a third-party app because it was faster and the easiest way to get what you wanted from the site. You clicked and forgot about it. Well, so did a Vercel employee. That single click is exactly how threat actors walked straight into one of the most widely recognized cloud platforms on the internet in April 2026. The attackers accessed internal environment variables (values set outside a program that configure how it behaves on each machine it runs on) and came back demanding $2 million. This was possible solely because of a forgotten permission and a chain of trusted connections that nobody was looking at. Here’s the plot.

More about Vercel
Vercel is an American cloud application company that specializes in providing developer tools and infrastructure for building, deploying, and maintaining websites. It is particularly known for creating and optimizing the Next.js framework, which is widely used for React applications. It is optimized for Next.js but also supports other frameworks such as Django and Flask. This breach did not compromise Vercel’s customer-side encryption, but it exposed internal environment variables that should never have been reachable from outside.

The breach mainly has to do with OAuth permissions. OAuth is the protocol behind every “Login with Slack” or “Connect with GitHub” button we click. When we authorize a third-party app, we issue it a token (a temporary access key) that lets it act on our behalf with whatever permissions we allowed. The problem is that most people click “allow all”, which hands the app the master key to the account. Once the connection is authorized, it just sits there, trusted by every system it touches. These integrations are given broad permissions because companies tend to value functionality over security. After connecting them, they forget about them and never audit what data these apps can access.

The Vercel breach is not the first time this exact mechanism caused a big problem. In August 2025 a threat actor tracked as UNC6395 used stolen OAuth tokens from Drift’s Salesforce integration to access customer environments across more than 700 organizations. No exploit or phishing was involved. The same method, different companies.

How Did The Breach Start?
The Vercel breach did not start at Vercel, though. It started much earlier, at a small AI startup that most people have never heard of, and moved from there to other places through a chain of people and companies that everyone trusted. Back in February 2026, an employee of Context.ai (an enterprise AI productivity tool, part of the growing category of “AI Office Suite” products that plug into your Google Workspace) was infected with Lumma Stealer. Lumma Stealer is information-stealing malware that specializes in harvesting sensitive data such as browser information and cryptocurrency wallet details. The infected employee was a core member of the startup team with direct access to important administrative endpoints, including the environment variable settings and production logs, which put critical information within the malware’s reach.

Hudson Rock’s intelligence analysis found that the employee had been downloading Roblox “auto-farm” scripts and executors. Such downloads are an efficient delivery vector for malware like Lumma Stealer.

Not Your Usual Password Stealer
Lumma is a session vacuum: it does not need your password because it steals your active browser cookies, the tokens that tell websites “this person is already logged in, trust them”. It bypasses MFA entirely. The threat actors are not logging in as you; they are resuming your ongoing session on a website. This is not advanced malware used by governments. Infostealers such as Lumma can be bought and used by anyone for around fifty dollars per month, which is cheaper than many software subscriptions. In the first half of 2025 these infostealers stole over two hundred seventy thousand Slack login details. (Engaging in the purchase, distribution, or use of malware is illegal and carries severe criminal penalties. This information is provided for educational purposes to help security professionals and organizations defend against these evolving threats.)
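The session-resumption behaviour described above leaves a detectable trace: the same session cookie reappearing from a client that never authenticated. As an added example (not from the original post or from Vercel), this script flags such replays over a few constructed log lines in an assumed "timestamp session_id user ip user_agent" format.

```python
"""Flag a session token that reappears from a different client than the one
that established it: the trace an infostealer leaves when it replays a stolen
cookie. Log lines are constructed samples in an assumed format, not real logs."""
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts session user ip ua")

SAMPLE_LOG = """\
2026-02-10T09:01:12Z sess-7f3a dev@example.com 203.0.113.10 Chrome/122-Windows
2026-02-10T09:14:50Z sess-7f3a dev@example.com 203.0.113.10 Chrome/122-Windows
2026-02-10T11:42:03Z sess-7f3a dev@example.com 198.51.100.77 curl/8.5
2026-02-10T11:43:10Z sess-9c21 ops@example.com 203.0.113.22 Firefox/123-macOS
2026-02-10T12:05:44Z sess-9c21 ops@example.com 203.0.113.22 Firefox/123-macOS
"""

def parse(log_text):
    """Parse the assumed space-separated format; the user agent may contain spaces."""
    events = []
    for line in log_text.splitlines():
        ts, session, user, ip, ua = line.split(maxsplit=4)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), session, user, ip, ua))
    return events

def find_replayed_sessions(events):
    """Return {session_id: (original (ip, ua), first mismatching Event)}.

    A session is keyed to the (ip, user_agent) pair that first used it. A later
    event for the same session from a different pair is a replay candidate:
    no password or MFA was re-entered, yet the client changed."""
    origin = {}
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        fp = (ev.ip, ev.ua)
        if ev.session not in origin:
            origin[ev.session] = fp
        elif origin[ev.session] != fp and ev.session not in alerts:
            alerts[ev.session] = (origin[ev.session], ev)
    return alerts

if __name__ == "__main__":
    for sid, (orig, ev) in find_replayed_sessions(parse(SAMPLE_LOG)).items():
        print(f"{sid}: established from {orig}, replayed from ({ev.ip}, {ev.ua}) at {ev.ts:%H:%M}")
```

A raw IP changes legitimately (mobile networks, VPNs), so in production key the fingerprint on ASN or device signals together with the user agent rather than on IP alone.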

The Threat Actors:
A threat actor using the ShinyHunters persona claimed responsibility for the attack via Telegram and BreachForums. They claimed to have stolen access keys, source code and other valuable data and demanded $2 million. Vercel confirmed the breach publicly and said that it affected a limited set of customer information. They notified law enforcement and worked with GitHub, Microsoft, npm and Socket to confirm that no packages on npm were compromised.

Important: Vercel also published a specific OAuth Client ID as an indicator of compromise:
110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

Google Workspace admins should check their API Controls console for this immediately.

Two Things to Do For Businesses Before You Close This Tab:

First, go to myaccount.google.com/permissions. Every app listed there has some level of access to your Google account. Check each one thoroughly and revoke any permission that is not in use.

Second, review the account activity log for any suspicious or unrecognized activity.

Attackers no longer need to deploy detectable payloads. They use OAuth tokens, API keys and service accounts to access secure systems, which makes their actions look like regular business operations. Traditional perimeter defenses and endpoint detection systems fail to detect adversaries who operate with real credentials over legitimate system connections.
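To put the IoC check in the previous section and the permissions review above into practice, here is an added example (not from the original post or from Vercel) that audits a list of third-party OAuth grants for the published client ID, for broad scopes, and for stale use. The grant records and their field names are constructed sample data in an assumed format; a real Google Workspace API Controls export has its own schema.

```python
"""Audit third-party OAuth grants for a known-bad client ID, over-broad scopes
and stale use. Records below are constructed samples in an assumed
(client_id, user, scopes, last_used) format, not a real Workspace export."""
from datetime import date

# Client ID published by Vercel as an indicator of compromise.
IOC_CLIENT_IDS = {
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}

# Scopes that hand an app broad, standing access rather than a narrow slice.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

STALE_DAYS = 90  # assumption: a grant unused this long is a review candidate

SAMPLE_GRANTS = [  # constructed sample records
    {"client_id": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
     "user": "alice@example.com", "scopes": ["https://www.googleapis.com/auth/drive"],
     "last_used": "2026-01-15"},
    {"client_id": "calendar-helper.apps.googleusercontent.com",
     "user": "bob@example.com", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "last_used": "2026-04-20"},
    {"client_id": "old-notes-tool.apps.googleusercontent.com",
     "user": "bob@example.com", "scopes": ["https://mail.google.com/"],
     "last_used": "2025-11-01"},
]

def audit_grants(grants, today=date(2026, 5, 1)):
    """Return a list of (user, client_id, reasons) for grants that need action."""
    findings = []
    for g in grants:
        reasons = []
        if g["client_id"] in IOC_CLIENT_IDS:
            reasons.append("matches published IoC client ID: revoke now")
        broad = BROAD_SCOPES.intersection(g["scopes"])
        if broad:
            reasons.append("broad scope(s): " + ", ".join(sorted(broad)))
        age = (today - date.fromisoformat(g["last_used"])).days
        if age > STALE_DAYS:
            reasons.append(f"unused for {age} days")
        if reasons:
            findings.append((g["user"], g["client_id"], reasons))
    return findings
```

Run `audit_grants(SAMPLE_GRANTS)` to see the IoC match flagged alongside the stale, broadly scoped grant; the calendar-only grant in regular use produces no finding.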
The Only Best Conclusion

The Vercel breach will be described in three ways: as a supply chain attack, as an OAuth failure and as an infostealer incident. All of those framings are correct. But the simplest framing is this: someone granted a permission, forgot about it, and that forgotten permission became a $2 million problem.
Check your permissions right now instead of waiting until next week.
