A Roblox Cheat Code Started the Hack That Breached Vercel

Vercel confirmed a security breach after attackers used a compromised AI tool to steal employee credentials and access customer data.

Dateline: April 22, 2026

One bad download. One overpermissioned app. Thousands of developers on edge.

Vercel, the platform behind Next.js and one of the most widely used cloud deployment tools on the web, confirmed on April 19 that attackers had broken into its internal systems. The breach originated from a third-party AI tool called Context.ai, and hackers have since claimed to be selling the stolen data online.

What Happened?

The chain of events that led to the Vercel breach reads like a textbook supply chain attack, except the first link broke somewhere nobody was watching.

In February 2026, a Context.ai employee with sensitive access privileges got hit with Lumma Stealer malware. According to researchers at Hudson Rock, that employee had been downloading Roblox game exploits, a common delivery method for this type of infostealer.

The data pulled from that infected machine included Google Workspace credentials, along with logins for Supabase, Datadog, and Authkit. Among what was exposed was the [email protected] account, which likely gave the attacker exactly the leverage needed to escalate privileges and pivot into Vercel’s infrastructure.

Here is where it gets worse. A Vercel employee had installed an app made by Context.ai and connected it to their corporate Google account, granting it full read access. That single connection gave the attacker a bridge straight into Vercel. The attacker used that access to take over the employee’s Vercel Google Workspace account and gain access to Vercel environments and environment variables that were not marked as “sensitive.”

Shortly after, a threat actor claiming to be ShinyHunters posted on a hacking forum that they were selling access to Vercel’s data, including API keys, source code, database records, and GitHub and npm tokens. They claimed a ransom demand of $2 million. The real ShinyHunters group denied involvement.

What’s the Impact?

A limited subset of Vercel customers had their non-sensitive environment variables compromised. Vercel contacted those customers and recommended rotating their credentials immediately.

Vercel confirmed that its Next.js and Turbopack open source projects were not affected. In collaboration with GitHub, Microsoft, npm, and Socket, the team verified that no npm packages published by Vercel were tampered with.

That said, the broader risk is real. Vercel warned that the attack may affect hundreds of users across many organizations, not just its own systems. Non-sensitive environment variables often contain API keys, database credentials, and signing keys. If rotated too slowly, those become a door left open.

Vercel CEO Guillermo Rauch described the attackers as highly sophisticated, telling reporters he strongly suspects AI significantly accelerated their speed of movement inside Vercel’s systems.

How to Avoid This

The Vercel incident is a clear reminder that your security posture is only as strong as the tools your team connects to their accounts.

Vercel is advising all Google Workspace administrators to immediately check for usage of the compromised OAuth app:

110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

Beyond that, three habits would have meaningfully reduced the blast radius here:

  • Limit OAuth permissions. Most AI productivity tools do not need full Google Drive access. Audit what you have connected and cut anything that asks for more than it needs.
  • Mark everything sensitive. Vercel now defaults all new environment variable creation to “sensitive: on,” meaning secrets are stored in a way that prevents them from being read. Follow the same logic in your own deployments.
  • Enable multi-factor authentication. A stolen OAuth token should not be a skeleton key. MFA on corporate accounts adds a critical layer between credential theft and full account takeover. Keep in mind that an OAuth grant a user has already approved is not re-prompted for MFA, so revoking the grant itself is what closes that path.

Effective defense here requires treating OAuth apps as third-party vendors, eliminating long-lived platform secrets, and designing systems that assume a provider could be compromised.
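As an added example (not Vercel's or Context.ai's code), here is the advisory check above and the first habit combined into a small Python audit: it flags every Google Workspace OAuth grant to the named client ID and every grant that carries a broad read scope, so the compromised app and the overpermissioned ones surface in one pass. The token records are a constructed sample laid out like Admin SDK Directory API tokens.list items; the field names and the scope list are assumptions.

```python
import json

# Client ID that Vercel's advisory names as the compromised Context.ai OAuth app (quoted above).
COMPROMISED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

# Scopes that hand a third-party app broad read access to corporate data (assumed starting list).
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
}

# Constructed sample in the shape of Admin SDK Directory API tokens.list items
# (assumed field names: userKey, clientId, displayText, scopes). Not real Vercel data.
SAMPLE_TOKENS_JSON = """[
  {"userKey": "alice@example.com", "displayText": "Context.ai",
   "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
   "scopes": ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/userinfo.email"]},
  {"userKey": "bob@example.com", "displayText": "Calendar Helper",
   "clientId": "000000000000-calendarhelper.apps.googleusercontent.com",
   "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
  {"userKey": "carol@example.com", "displayText": "Note Taker",
   "clientId": "000000000000-notetaker.apps.googleusercontent.com",
   "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]}
]"""


def audit_tokens(tokens):
    """Return one finding per grant that matches the compromised client ID or includes a
    broad read scope; compromised-app grants (revoke immediately) are listed first."""
    findings = []
    for tok in tokens:
        reasons = []
        if tok.get("clientId") == COMPROMISED_CLIENT_ID:
            reasons.append("compromised-client-id")
        # A broad scope is a finding on its own, even for an app you have never heard of.
        for scope in sorted(set(tok.get("scopes", [])) & BROAD_SCOPES):
            reasons.append("broad-scope:" + scope)
        if reasons:
            findings.append({"userKey": tok["userKey"], "clientId": tok["clientId"],
                             "displayText": tok.get("displayText", ""), "reasons": reasons})
    # Stable sort: compromised-app grants first, input order preserved within each group.
    findings.sort(key=lambda f: "compromised-client-id" not in f["reasons"])
    return findings


def audit_sample():
    """Run the audit over the constructed sample; a real run feeds tokens.list output instead."""
    return audit_tokens(json.loads(SAMPLE_TOKENS_JSON))
```

Each finding carries the user and client ID, which is exactly the pair an administrator needs to revoke the grant for that user.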

Vercel says its services remain operational and the investigation, led with the help of Mandiant, is ongoing.

Supply Chain Attacks Are Getting Faster. The Vercel Incident Is Proof.

This is precisely the category of risk Secure.com is built for. 

  • Secure.com’s attack surface visibility maps every connected asset, SaaS integration, and cloud environment in real time, flagging overpermissioned OAuth apps and credential exposure before they become a breach. 
  • For teams that cannot afford to audit every integration manually every week, that kind of continuous, automated coverage is not optional anymore. It is table stakes.