By now you've probably seen the news. Vercel got breached. The company that hosts a huge chunk of the internet's frontend — the place where millions of developers deploy their apps — confirmed a security incident on April 18–19, 2026. And then a threat actor claiming to be "ShinyHunters" went on BreachForums and said they had Vercel's internal data for sale. The asking price: $2 million.
I want to explain what actually happened, because the news articles about it are a bit confusing if you're not a developer. There's a lot of jargon flying around: OAuth, infostealer, supply chain, environment variables. I'll break all of it down. But first, the short version: Vercel didn't get hacked because someone found a bug in Vercel. They got hacked because one employee at a smaller AI company downloaded a Roblox cheat script on his work laptop. That's it. That's how this started.
Yeah. A Roblox cheat script.
So What Is Vercel, and Why Does It Matter?
If you've ever built a website using React or Next.js, you've probably used Vercel. It's basically the easiest way to put a website on the internet. You connect your GitHub repo, Vercel builds it for you, and within a minute your site is live. Millions of developers use it, including a lot of crypto projects, fintech startups, and enterprise teams. Vercel is also the company that created Next.js, which is probably the most popular web framework right now.
So when Vercel gets breached, it's not just one company's problem. A lot of other companies' secrets are sitting inside Vercel's infrastructure.
The stuff stored there includes what developers call environment variables, which are basically a file of secrets: API keys, database passwords, third-party service credentials. The kind of stuff that lets whoever holds it log into your services as you. Vercel had two types of these: ones marked "sensitive" (which were encrypted and couldn't be read back) and ones marked as non-sensitive. The attacker got to the non-sensitive ones for a limited number of customers. Vercel CEO Guillermo Rauch confirmed this on X on April 19.
The investigation is still ongoing as of today, so we don't fully know how many customers were affected or exactly what was taken.
The Chain of Disasters
This is the part that should scare you, because it's not complicated at all. It's actually kind of boring — which is what makes it so dangerous.
Step one: An employee at a company called Context.ai was using his work laptop to download game exploit scripts. Specifically, Roblox "auto-farm" executors. According to Hudson Rock, a cybercrime intelligence firm, this happened sometime in February 2026. These scripts are basically just malware with a video game excuse. The one he downloaded came bundled with something called Lumma Stealer.
Lumma Stealer is a piece of malware that runs silently in the background and just… takes everything. Browser saved passwords. Session cookies. OAuth tokens. API keys. Anything your browser has stored, it grabs. Then it sends it all back to whoever built the malware. The whole thing probably took thirty seconds. The employee almost certainly had no idea.
So now, in February 2026, some attacker has all the credentials from a Context.ai employee's laptop.
Step two: Context.ai is an AI productivity tool — it builds agents on top of a company's internal knowledge, integrating with Google Workspace and similar services. And here's where it gets messy. At least one Vercel employee had signed up for Context.ai's AI Office Suite using their Vercel enterprise account and granted "Allow All" permissions. Vercel's internal OAuth configurations appear to have allowed this action to grant broad permissions in Vercel's enterprise Google Workspace.
So there's this permission sitting there, granted months ago and probably forgotten about, that lets Context.ai talk to Vercel's internal Google Workspace. Once the attacker had Context.ai's OAuth tokens from that Lumma infection, they could use that permission to walk straight into a Vercel employee's Google account.
Step three: From that Google account, the attacker moved into Vercel's internal environments and started reading environment variables from customer deployments.
That's the whole chain. A game cheat on a laptop at a company you've never heard of became unauthorized access into one of the most-used developer platforms on the internet. This is the shape of a modern supply-chain breach: an infostealer infection on an employee's laptop at a third-party platform, two months earlier, led through Google Workspace OAuth into a Vercel employee's account, and then into Vercel environments where customer environment variables were stored.
The "ShinyHunters" Part
A threat actor calling themselves ShinyHunters posted on BreachForums with what they said was proof of access — a text file with 580 Vercel employee records (names, email addresses, account status), and a screenshot of an internal Vercel Enterprise dashboard. The attacker claimed to be offering Vercel's internal database, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens for $2 million.
Here's the thing, though, and this is interesting: threat actors actually linked to recent attacks attributed to ShinyHunters denied to BleepingComputer that they were involved in this incident. So either this is a copycat using the ShinyHunters name, or it's a breakaway faction, or it's legitimately them and they're doing some public denial thing. Nobody knows for sure yet.
What is ShinyHunters? They're a cybercriminal group that has been active since around 2019–2020. The name is from Pokémon: shiny Pokémon are rare colored variants, and players who hunt for them are called shiny hunters. Cute name for a group that has stolen data from hundreds of millions of people. The group's most consequential campaign came in 2024, when they orchestrated a massive attack on customers of Snowflake, a cloud data storage platform. Ticketmaster, AT&T, Santander Bank, Advance Auto Parts, and LendingTree were among the confirmed victims, with hundreds of millions of records exposed across the campaign.
For the Snowflake campaign, the attackers acquired login credentials from a Snowflake employee using information-stealer malware, then used those to create session tokens and extract large amounts of customer data. The affected accounts lacked multi-factor authentication, which allowed the attackers to log in as if they were a legitimate, trusted user. Same basic idea as the Vercel breach, just a different target and a different tool.
And before that, the group had stolen over 200 million records from at least 13 companies in its early operations, including Mathway, Tokopedia, and Wattpad.
They also claimed Rockstar Games just last week, in mid-April 2026, through a third-party analytics tool called Anodot that had access to Rockstar's Snowflake environment. Same pattern. Different vendor, same playbook.
We have covered ShinyHunters in a detailed article; check the pinned article at the end of this post.
The Pattern You Should Be Angry About
I've been following these breaches for a few years now, and honestly the thing that annoys me most is how every breach follows the same structure and companies keep acting surprised.
The pattern goes like this. A big company uses five, ten, twenty smaller third-party tools. Each tool has some level of access — maybe it reads your email calendar, maybe it connects to your database, maybe it can access your deployment environment. Each of those tools is its own company, with its own security practices, its own employees who might have bad habits on their laptops.

And the big company has no idea any of this is happening. They granted the permission once, probably years ago, probably clicked through an OAuth consent screen in twenty seconds, and never checked it again.
The Vercel incident makes this really obvious. Vercel is not even a Context.ai customer; it appears at least one Vercel employee just signed up for the service individually using their work account. One employee's personal curiosity about an AI tool created a door into Vercel's entire enterprise Google environment. That's not a bug. That's just how OAuth works. You click "allow," you give access, and you forget about it.
This is why the cybersecurity world keeps talking about "supply chain attacks." They're not talking about cargo ships. They're talking about this: the fact that your security is only as strong as the weakest third-party tool your most impulsive employee has ever logged into.
And Then There's the Infostealer Problem
Lumma Stealer is the malware that started the Context.ai infection. It's not a secret or an exotic zero-day. You can basically rent it from underground forums for a few hundred dollars. Infostealers have become the dominant initial access method for a reason: they are cheap, they run automatically, and they scale. Millions of infected machines feed credential markets every month.
The way most people get infected is by downloading cracked software, game cheats, or fake utility tools. The Context.ai employee was looking for Roblox auto-farm scripts. Before him, the AT&T / Snowflake breach also traced back to infostealer infections on employee machines. This is not a coincidence.
And here's the part that keeps me up at night: the stolen credentials don't just get used once. They get sold and resold on dark web markets. The information taken from AT&T, Ticketmaster, and other Snowflake victims didn't disappear when arrests were made. It's still out there, being resold, recombined, and used for secondary attacks like targeted phishing and identity fraud.
Two members of ShinyHunters were actually arrested in 2024, one Canadian and one Turkish national. It didn't really slow them down. The group functions more like a brand or franchise than a traditional criminal organization. You can arrest someone, but if the group is distributed and the infrastructure keeps running, the brand just continues.
What Vercel Says You Should Do Right Now
If you use Vercel, the company says to rotate all environment variables containing secrets that were not marked as sensitive, review your activity logs for any suspicious behavior, enable the sensitive environment variables feature for all future secrets, and audit your Google Workspace for the identified malicious OAuth app. The specific OAuth app ID they flagged is 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. If you see that in your Google Workspace connected apps, remove it immediately.
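One way to run that Google Workspace check across a whole tenant rather than one user at a time, as an added example that is not Vercel's or Google's code: it audits the per-user grant list the Admin SDK Directory API tokens.list call returns (the sample data below is constructed), flags the client ID above, and also surfaces other third-party grants with broad scopes (which scopes count as broad is this example's own assumption).

```python
"""Audit Google Workspace OAuth grants for a flagged client ID and broad scopes.

Added example, not Vercel's or Google's code. Input is the per-user JSON shape the Admin
SDK Directory API tokens.list method returns; SAMPLE_TOKENS is constructed. Live calls:
service.tokens().list(userKey=u).execute().get("items", []) to read, and
service.tokens().delete(userKey=u, clientId=cid).execute() to revoke a confirmed grant.
"""

# The client ID Vercel told customers to look for (taken from its guidance).
FLAGGED_CLIENT_IDS = {
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}
# Scope prefixes this example treats as broad for a third-party app (assumption;
# tune the list for your own tenant).
BROAD_SCOPE_PREFIXES = (
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory",
)
# Constructed sample: user -> token objects in the tokens.list "items" shape.
SAMPLE_TOKENS = {
    "alice@example.com": [
        {"clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
         "scopes": ["https://www.googleapis.com/auth/userinfo.email", "https://mail.google.com/"]},
        {"clientId": "calendar-sync.example", "displayText": "Calendar sync",
         "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    ],
    "bob@example.com": [
        {"clientId": "drive-backup.example", "displayText": "Drive backup",
         "scopes": ["https://www.googleapis.com/auth/drive"]},
    ],
}

def audit_tokens(tokens_by_user):
    """Return (user, clientId, reason) tuples for grants that need action."""
    findings = []
    for user, items in tokens_by_user.items():
        for tok in items:
            cid = tok.get("clientId", "")
            if cid in FLAGGED_CLIENT_IDS:
                findings.append((user, cid, "flagged client id: revoke now"))
                continue  # already actionable; scopes do not change the verdict
            broad = [s for s in tok.get("scopes", []) if s.startswith(BROAD_SCOPE_PREFIXES)]
            if broad:
                findings.append((user, cid, "broad scopes: " + ", ".join(broad)))
    return findings

if __name__ == "__main__":
    for user, cid, reason in audit_tokens(SAMPLE_TOKENS):
        print(f"{user}\t{cid}\t{reason}")
```

Grants that match the flagged ID are the ones Vercel's guidance says to remove; the broad-scope findings are the "forgotten permission" class this article describes and are worth a human review rather than automatic revocation.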
Vercel has confirmed that Next.js and the broader code pipeline are not affected. So if you're a developer worried that your users' apps are compromised through Next.js itself, that part seems fine based on current information.
The investigation is still running with help from Mandiant, which is Google's cybersecurity incident response firm.
Why This Feels Different This Time
A lot of big companies have been breached. Most people hear about it, feel vaguely anxious for a day, and move on. But the Vercel breach is hitting differently in developer circles because Vercel isn't just another SaaS tool. It's infrastructure. It sits between developers and their deployed applications. A lot of the crypto, fintech, and startup apps people use every day live on Vercel. And those apps store API keys to databases, payment systems, blockchain nodes, analytics platforms.
The crypto world is especially shaken right now. Many Web3 teams host wallet interfaces and decentralized app dashboards on Vercel, relying on environment variables to store credentials that connect their frontends to blockchain data providers and backend services. Solana DEX Orca, for example, said its frontend runs on Vercel and that it rotated all its deployment credentials as a precaution — even though it said no user funds were affected.
This week in April 2026 has honestly been rough for the crypto space generally. There was also a $292 million exploit of Kelp DAO happening at the same time as the Vercel disclosure. Just a lot of things breaking at once.
The Bigger Picture
I don't think Vercel did anything particularly stupid here. OAuth permissions, third-party integrations, employees using AI tools — this is just how modern software companies work. The problem is that the security model hasn't caught up with how interconnected everything is.
When we talk about "securing your company," we mostly think about: strong passwords, MFA, patch your servers, don't click phishing links. All of that is still true. But what we don't think about enough is the shadow network of OAuth grants and SaaS integrations that grow invisibly over time. Every app your employees connect to their work Google account is a potential entry point. Every third-party tool with API access to your deployment environment is a possible weak link.
The fix is not complicated, but it requires discipline that most companies don't have. Audit your connected OAuth apps regularly. Restrict what permissions employees can grant from work accounts. Mark everything sensitive as sensitive, not just the stuff that seems obviously important. Rotate credentials on a schedule, not only when something breaks.
And maybe, and I know this sounds obvious, don't download Roblox cheats on your work laptop.
The Vercel breach is still unfolding. More details will probably come out this week as Mandiant's investigation continues. But the basic story is already pretty clear, and it's the same story we keep seeing: not a sophisticated nation-state attack, not a zero-day exploit in some obscure piece of software.
Just a game cheat, a forgotten permission, and a company that had no idea the door was already open.