Back to Home

Vercel Leak: How OAuth Hack Compromised Environment Variables

Analysis of the Vercel Security Incident Caused by Account Compromise via Third-Party AI Platform. Technical Details of the Attack, Consequences, and Recommendations for Developers on Protecting Environment Variables and OAuth Integrations.

Vercel Hacked: Security Lessons for Developers
Advertisement 728x90

# Vercel Security Incident: How an OAuth Leak Led to Environment Variable Compromise

The cloud development platform Vercel confirmed unauthorized access to its internal systems after an employee's account was compromised via a malicious OAuth app in Google Workspace. The incident was enabled by a data leak on the third-party AI platform Context.ai, allowing the attacker to access environment variables not marked as confidential.

Although Vercel's core services continued running without disruption and customer data remained encrypted and untouched, the breach exposed critical weaknesses in secret management and reliance on third-party integrations. The company promptly notified law enforcement, brought in external incident response experts, and rolled out dashboard updates to tighten control over confidential variables.

How the Breach Happened

The attack originated from a Vercel employee's Google Workspace account. The attacker gained access after the account credentials were leaked on the Context.ai platform, which uses AI to automate workflows. Through this account, an OAuth token was authorized for the app with ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.

Google AdInline article slot

This app, built by a third-party tool, had excessive permissions, including access to internal Google Workspace resources. Once the token was obtained, the attacker moved laterally into Vercel's infrastructure and accessed environment variables not explicitly marked as confidential. In these cases, Vercel doesn't encrypt them at rest, relying instead on admin-set classifications.

What Was Compromised

According to posts on hacker forums, the attacker, going by "ShinyHunters," claimed to be selling the following data:

  • API keys (including NPM and GitHub tokens)
  • Access to internal Vercel Enterprise deployments
  • Source code of internal tools
  • Database with 580 employee records (names, corporate emails, account statuses, activity timestamps)
  • Screenshots of the internal dashboard

However, Vercel has officially confirmed only partial access to environment variables and denies any compromise of customer data or public projects like Next.js and Turbopack. All customer variables marked as secret remain encrypted and inaccessible.

Google AdInline article slot

Vercel's Recommendations for Developers

The company strongly urges all users, especially enterprise account owners, to take these steps:

  • Check the list of authorized OAuth apps in Google Workspace and revoke access for any suspicious or unused ones.
  • Audit environment variables: ensure all sensitive data (API keys, tokens, passwords) are marked as Confidential in the Vercel dashboard.
  • Enable the confidential variable review feature, now available in the updated dashboard.
  • Rotate all keys and tokens that may have been exposed, even if stored in non-confidential variables.
  • Set up MFA and conditional access policies for all accounts with infrastructure access.

Lessons for DevOps and SRE Teams

The Vercel incident highlights how fragile the trust chain can be with third-party integrations. Even in a mature, multi-layered infrastructure, a single compromised OAuth token can enable lateral movement.

Key takeaways for technical teams:

Google AdInline article slot
  • Principle of least privilege must apply to OAuth apps, not just users. Permissions should be strictly limited to the bare minimum needed.
  • Automatic secret classification beats manual every time. Allowing unencrypted variables by default creates a false sense of security.
  • Monitoring anomalous activity in the Identity Provider (e.g., Google Workspace) should be core to your SOC strategy. Unusual geolocations, new devices, or bulk API requests are red flags for immediate token revocation.

Key Points

  • The leak began with an account compromise via the third-party AI platform Context.ai.
  • Data access was possible because sensitive variables lacked the Confidential flag.
  • Encrypted customer data was not compromised.
  • Vercel released dashboard updates to improve secret management.
  • The attack underscores risks from OAuth integrations and trust in third-party services.

— Editorial Team

Advertisement 728x90

Read Next