Last weekend, Vercel, the company that hosts a huge chunk of the modern web, put up a short note on their site saying someone broke into their systems. If you deploy apps there, it's worth reading on.
Here's the story.
How they got in
A Vercel employee was using an AI tool called Context.ai. To make it work, they had signed in with their Google account, the same one they used for work.
Context.ai got hacked. Not Vercel; the little AI tool nobody had heard of. But because the employee had linked it to their Google account, the hackers used that link to take over the Google account. And that Google account was how the employee logged into Vercel.
So the path was: Context.ai → Google account → Vercel.
Once they were inside Vercel, they could read some of the secret stuff that customer apps use to run. API keys, database passwords, that kind of thing.
The "sensitive" thing that matters
Vercel has a setting called "sensitive environment variables." If you tick that box, the value is stored so that it can't be read back afterwards, not from the dashboard, the CLI or the API, and, per Vercel, not by Vercel staff either. You can overwrite it or delete it, but nobody can peek at it.
If you ticked that box, you're probably fine. Vercel says there's no sign those values were touched.
If you didn't tick it (and most people didn't, because it's off by default), your secrets were sitting in a place the hackers could read.
That's the whole story, really. One setting decided whether your stuff got exposed or not.
Should you worry?
Vercel says they've already contacted the customers they know were affected. If they didn't email you, they don't think you're caught up in it. But they're still investigating, so "don't think" isn't the same as "definitely not."
Some people have extra reason to care:
- Crypto and Web3 sites. A lot of them run on Vercel and keep wallet stuff in environment variables. Orca, a Solana exchange, already rotated all their credentials just to be safe.
- Anyone using Vercel with Linear or GitHub. Those connections seem to have been hit harder than the rest.
- Anyone who kept real secrets in regular (non-sensitive) environment variables. Which is almost everyone.
There's also someone on a hacker forum claiming to be selling stolen Vercel data (employee accounts, source code, GitHub tokens) for $2 million. Vercel hasn't confirmed how much of that is real.
What to do
Even if Vercel didn't email you, spending an hour on this is a good idea:
- Go look at your environment variables. All of them. In every project.
- Rotate the ones that aren't marked sensitive. That means issuing a new key, password or token at the service that gave you the old one, putting the new value into Vercel, revoking the old one, and then redeploying: Vercel only picks up a changed value on the next deployment, so just editing the box isn't enough.
- From now on, mark anything that's actually secret as sensitive.
- Look at your recent deployments and your team's activity log. Anything you didn't do, such as a deployment you don't recognize, a team member nobody invited, or a token or integration nobody added, should be removed, and the access behind it revoked.
- If you've connected Linear or GitHub to Vercel, check their activity logs for anything weird since the start of April.
- While you're at it, check your Google Workspace for third-party apps you don't recognize, especially Context.ai if anyone on your team used it, and revoke their access.
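The first three steps above are a triage job, and it is easy to miss a key across a dozen projects. Here is an added example of that triage, written for this post rather than taken from Vercel's bulletin or tooling. It assumes you have already dumped each project's environment variables into records shaped like the ones the Vercel REST API returns (a `key`, a `type`, and a `target` list), and that a `type` of `"sensitive"` is the write-only kind while `"plain"`, `"encrypted"` and `"secret"` can be read back; both the record shape and the type names are assumptions, and the sample data is constructed. The name heuristics are a starting point to tune, not a complete list.

```python
"""Triage environment variables for rotation after the Vercel breach.

Added example, not from Vercel. Assumption: records mirror what the Vercel
REST API returns for a project's env vars, where type "sensitive" cannot be
read back and "plain"/"encrypted"/"secret" can. Sample data is constructed.
"""
import re

# Constructed sample: what a dump of two projects' env vars might look like.
SAMPLE_PROJECTS = {
    "storefront": [
        {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
        {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
        {"key": "NEXT_PUBLIC_API_BASE", "type": "plain", "target": ["production", "preview"]},
        {"key": "GITHUB_TOKEN", "type": "encrypted", "target": ["preview"]},
    ],
    "wallet-frontend": [
        {"key": "SOLANA_RPC_URL", "type": "plain", "target": ["production"]},
        {"key": "TREASURY_PRIVATE_KEY", "type": "encrypted", "target": ["production"]},
        {"key": "VERCEL_URL", "type": "system", "target": ["production"]},
    ],
}

# Types whose value can be read back from the dashboard/API (assumption).
READABLE_TYPES = {"plain", "encrypted", "secret"}

# Name heuristics for things that are probably credentials. Tune to your org.
SECRET_NAME_RE = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE_KEY|API_KEY|ACCESS_KEY|DSN|DATABASE_URL|MNEMONIC|SEED)",
    re.IGNORECASE,
)
# Prefixes frameworks expose to the browser anyway; these should never be secrets.
PUBLIC_PREFIXES = ("NEXT_PUBLIC_", "VITE_", "REACT_APP_")


def looks_like_secret(key: str) -> bool:
    return bool(SECRET_NAME_RE.search(key))


def classify(record: dict) -> str:
    """Return 'rotate', 'review', 'ok' or 'skip' for one env var record."""
    if record["type"] == "system":
        return "skip"                    # Vercel-provided, no customer secret
    if record["type"] == "sensitive":
        return "ok"                      # write-only: no sign these were read
    if record["key"].upper().startswith(PUBLIC_PREFIXES):
        return "ok"                      # already public by design
    if record["type"] not in READABLE_TYPES:
        return "review"                  # unknown type, look at it by hand
    return "rotate" if looks_like_secret(record["key"]) else "review"


def triage(projects: dict) -> dict:
    """Map each project name to buckets of env var keys by verdict."""
    report = {}
    for name, records in projects.items():
        buckets = {"rotate": [], "review": [], "ok": [], "skip": []}
        for rec in records:
            buckets[classify(rec)].append(rec["key"])
        report[name] = buckets
    return report


def rotation_checklist(report: dict) -> list:
    """Flat, stably ordered list of (project, key) pairs that need rotating."""
    return [(p, k) for p in sorted(report) for k in sorted(report[p]["rotate"])]


if __name__ == "__main__":
    rep = triage(SAMPLE_PROJECTS)
    for project, key in rotation_checklist(rep):
        print(f"ROTATE  {project}: {key}  (new credential at the provider, "
              f"store as sensitive, revoke the old one, redeploy)")
    for project, buckets in rep.items():
        for key in buckets["review"]:
            print(f"REVIEW  {project}: {key}")
```

In practice you would replace `SAMPLE_PROJECTS` with what you pull from the project environment-variables endpoint of the Vercel REST API for every project in the team, and treat the "review" bucket as a list to eyeball rather than ignore: a plain variable with an innocent name can still hold a connection string.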
The thing nobody wants to say out loud
This isn't really a Vercel problem. It's how everything works now.
Every company has a dozen little AI tools and SaaS apps plugged into their employees' Google accounts. Each one of those "Sign in with Google" buttons is a door. When one of those small tools gets hacked, the damage doesn't stop there; it walks right into the bigger companies their users work at.
The answer isn't to stop using these tools. But it is worth thinking twice before clicking "Allow" the next time some AI app asks for access to your work account, and worth reading which permissions it's actually asking for before you do. And if you're storing secrets anywhere, assume someone will eventually read them, and set things up so that when they do, the important stuff is still locked.
If you're on Vercel, go rotate your keys. Don't wait for the email.
Source: Vercel's security bulletin