Vercel Got Hacked: 19th April 2026 | Complete Details

On April 19, 2026, Vercel confirmed attackers got into its internal systems. A threat actor claiming to be ShinyHunters is now selling the data on BreachForums for $2 million.

If you deploy on Vercel, you need to rotate secrets today.

How It Happened

The entry point wasn't Vercel's code. It was a compromised AI tool sitting in one employee's Google Workspace.

flowchart LR
    A[Context.ai breached] --> B[Google Workspace OAuth app compromised]
    B --> C[Vercel employee account accessed]
    C --> D[Internal systems enumerated]
    D --> E[Env variables exfiltrated]
    E --> F[Listed on BreachForums]

Vercel's CEO Guillermo Rauch confirmed the chain: Context.ai (a third-party AI platform) was breached, and its Google OAuth app gave attackers a foothold into an employee's account. From there, they pivoted into Vercel.

IOC to check in Google Workspace:

110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

What's Compromised

Confirmed by Vercel

  • Unauthorized access to internal systems
  • Non-sensitive environment variables for a "limited subset" of customers — meaning API keys, DB credentials, and tokens that weren't explicitly flagged as sensitive were readable

Claimed by ShinyHunters (unverified)

  • Source code, internal database, GitHub tokens, npm tokens
  • ~580 employee records (shown as proof of access)

Confirmed safe

  • Sensitive environment variables (encrypted at rest)
  • Next.js, Turbopack, and Vercel's OSS projects — the supply chain is clean

That last point matters. Next.js pulls ~6M weekly npm downloads. If those tokens were live, this would be XZ Utils all over again. Vercel says it isn't.

What You Need To Do

  1. Revoke the IOC OAuth app in your Google Workspace admin panel
  2. Audit every Vercel env variable. If it holds a secret and isn't flagged sensitive, treat it as leaked
  3. Rotate in this order:
     • Generate new credential upstream
     • Update the variable in Vercel
     • Redeploy (old deployments keep the old secret live)
     • Revoke the old credential upstream
  4. Toggle "sensitive" on every secret going forward
  5. Check downstream systems — GitHub, npm, DB, cloud providers — for suspicious activity using those credentials
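Step 2 is tedious by hand across many projects, so here is a small audit script as an added example (not from the post or from Vercel). It assumes an env list shaped like the `envs` array Vercel's project environment-variables API returns (`key`, `type`, `target`); the sample data is constructed, and the key-name regex is a heuristic you should extend for your own naming.

```python
import re

# Key names that usually hold credentials. Heuristic, not a guarantee:
# extend it with your own conventions before relying on it.
SECRET_KEY_PATTERN = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|DSN|"
    r"DATABASE_URL|CONNECTION_?STRING|CREDENTIAL)",
    re.IGNORECASE,
)

# Constructed sample (assumption: shaped like the `envs` array of the
# Vercel project env API response). Only "sensitive" is encrypted at rest
# in a way the bulletin confirms safe; "plain" and "encrypted" were readable.
SAMPLE_ENVS = [
    {"key": "NEXT_PUBLIC_SITE_URL", "type": "plain", "target": ["production", "preview"]},
    {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
    {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
    {"key": "GITHUB_TOKEN", "type": "plain", "target": ["production", "preview", "development"]},
    {"key": "npm_token", "type": "encrypted", "target": ["production"]},
]


def looks_like_secret(key: str) -> bool:
    """True if the variable name suggests it holds a credential."""
    return SECRET_KEY_PATTERN.search(key) is not None


def audit_envs(envs: list[dict]) -> dict[str, list[str]]:
    """Return {key: targets} for every variable to treat as leaked:
    secret-looking name and not flagged "sensitive". The targets list
    tells you which deployments must be redeployed after rotation,
    because existing deployments keep the old value live."""
    exposed: dict[str, list[str]] = {}
    for env in envs:
        if env.get("type") == "sensitive":
            continue  # encrypted at rest; out of scope of this incident
        if looks_like_secret(env["key"]):
            exposed[env["key"]] = list(env.get("target", []))
    return exposed


if __name__ == "__main__":
    for key, targets in audit_envs(SAMPLE_ENVS).items():
        print(f"ROTATE {key}: redeploy {', '.join(targets) or 'no targets'}")
```

Feed it the `envs` array from each project in your team and work the resulting list through the rotation order above, redeploying every listed target before revoking the old credential.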

The Takeaway

One employee's OAuth grant to an AI tool was enough to pivot into a platform hosting a significant chunk of the modern web. This is the supply-chain pattern of 2026: your attack surface now includes every AI integration your team silently connected last quarter.

Audit your OAuth grants. Default your secrets to encrypted. Build rotation into muscle memory — don't wait for the next bulletin to force it.

Sources: Vercel's April 2026 security bulletin, BleepingComputer, iTnews, statements from CEO Guillermo Rauch.
