# Vercel Security Incident: How an OAuth Leak Led to Environment Variable Compromise
The cloud development platform Vercel confirmed unauthorized access to its internal systems after an employee's account was compromised via a malicious OAuth app in Google Workspace. The incident was enabled by a data leak on the third-party AI platform Context.ai, allowing the attacker to access environment variables not marked as confidential.
Although Vercel's core services continued running without disruption and customer data remained encrypted and untouched, the breach exposed critical weaknesses in secret management and reliance on third-party integrations. The company promptly notified law enforcement, brought in external incident response experts, and rolled out dashboard updates to tighten control over confidential variables.
How the Breach Happened
The attack originated from a Vercel employee's Google Workspace account. The attacker gained access after the account credentials were leaked on the Context.ai platform, which uses AI to automate workflows. Through this account, an OAuth token was authorized for the app with ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
This app, built by a third-party tool, had excessive permissions, including access to internal Google Workspace resources. Once the token was obtained, the attacker moved laterally into Vercel's infrastructure and accessed environment variables not explicitly marked as confidential. In these cases, Vercel doesn't encrypt them at rest, relying instead on admin-set classifications.
What Was Compromised
According to posts on hacker forums, the attacker, going by "ShinyHunters," claimed to be selling the following data:
- API keys (including NPM and GitHub tokens)
- Access to internal Vercel Enterprise deployments
- Source code of internal tools
- Database with 580 employee records (names, corporate emails, account statuses, activity timestamps)
- Screenshots of the internal dashboard
However, Vercel has officially confirmed only partial access to environment variables and denies any compromise of customer data or public projects like Next.js and Turbopack. All customer variables marked as secret remain encrypted and inaccessible.
Vercel's Recommendations for Developers
The company strongly urges all users, especially enterprise account owners, to take these steps:
- Check the list of authorized OAuth apps in Google Workspace and revoke access for any suspicious or unused ones.
- Audit environment variables: ensure all sensitive data (API keys, tokens, passwords) are marked as Confidential in the Vercel dashboard.
- Enable the confidential variable review feature, now available in the updated dashboard.
- Rotate all keys and tokens that may have been exposed, even if stored in non-confidential variables.
- Set up MFA and conditional access policies for all accounts with infrastructure access.
Lessons for DevOps and SRE Teams
The Vercel incident highlights how fragile the trust chain can be with third-party integrations. Even in a mature, multi-layered infrastructure, a single compromised OAuth token can enable lateral movement.
Key takeaways for technical teams:
- Principle of least privilege must apply to OAuth apps, not just users. Permissions should be strictly limited to the bare minimum needed.
- Automatic secret classification beats manual every time. Allowing unencrypted variables by default creates a false sense of security.
- Monitoring anomalous activity in the Identity Provider (e.g., Google Workspace) should be core to your SOC strategy. Unusual geolocations, new devices, or bulk API requests are red flags for immediate token revocation.
Key Points
- The leak began with an account compromise via the third-party AI platform Context.ai.
- Data access was possible because sensitive variables lacked the Confidential flag.
- Encrypted customer data was not compromised.
- Vercel released dashboard updates to improve secret management.
- The attack underscores risks from OAuth integrations and trust in third-party services.
— Editorial Team
No comments yet.