Vercel has disclosed a security incident involving unauthorized access to certain internal systems, which has led to the exposure of some customer environment variables.

If you use Vercel, here is a breakdown of what happened, who is impacted, and the immediate steps you should take to secure your applications.

A dramatic dark-themed cybersecurity cover image showing a cracked red shield with the Vercel chevron logo, surrounded by broken padlocks and digital chains, conveying the April 2026 security breach.

The Origin: A Supply-Chain Attack

This was not a vulnerability within Vercelā€™s core infrastructure. It was a supply-chain attack, one of the most insidious forms of breach, where an attacker gets in through a trusted third party rather than attacking the target directly.

Here is how the chain of events unfolded:

  1. Context.ai is compromised (March 2026): Context.ai, an AI productivity tool used by a Vercel employee, was previously breached. Attackers stole OAuth tokens from the Context.ai platform.
  2. Lateral movement into Google Workspace: Using the stolen OAuth token, attackers gained unauthorized access to the Vercel employeeā€™s Google Workspace account. The employee had previously authorized Context.ai with broad permissions (ā€œAllow Allā€) to access their Workspace.
  3. Access to Vercel internal environments: With control of the Google Workspace account, the attacker moved laterally into Vercelā€™s internal systems and was able to enumerate and read environment variables that were not marked as ā€œsensitive.ā€

Vercel has stated that environment variables properly marked as ā€œsensitiveā€ are stored in a way that prevents them from being read back, even internally, and there is currently no evidence that those values were compromised.

Who is Impacted?

Vercel has already identified and directly contacted a limited subset of customers whose credentials were confirmed to be compromised, advising them to rotate credentials immediately.

If Vercel has not contacted you, they currently have no reason to believe your personal data or credentials were compromised. However, the investigation is still ongoing in partnership with Mandiant, industry peers, and law enforcement. Vercel services, including Next.js, Turbopack, the AI SDK, and all published npm packages, remain fully operational and were not affected.

Sources and Time of Discovery

Source: Official Vercel Security Bulletin

First discovered: April 19, 11:04 AM PST

What You Need to Do Right Now

Even if you havenā€™t been contacted, all Vercel users should take the following precautionary steps:

  1. Review and Rotate Secrets: Check your environment variables. If you have any secrets (API keys, database credentials, tokens, signing keys) that were not marked as sensitive, treat them as exposed and rotate them immediately.
  2. Enable Sensitive Environment Variables: Going forward, ensure you are taking advantage of Vercelā€™s sensitive environment variables feature to protect secret values from being read. Vercel has already updated the platform to default all new environment variables to sensitive.
  3. Audit Activity and Deployments: Review your activity logs and recent deployments for anything suspicious or unexpected. Delete any deployments you do not recognize.
  4. Check Deployment Protection: Ensure your Deployment Protection is set to ā€œStandardā€ at a minimum, and rotate your Deployment Protection tokens if you use them.
  5. Audit Your OAuth Apps: Review third-party apps connected to your Google Workspace and other corporate accounts. Remove any applications you do not recognize or no longer actively use. This incident is a reminder that every OAuth grant is a potential entry point.

Indicator of Compromise (IOC)

Because the initial breach involved a third-party Google Workspace OAuth app used by hundreds of organizations outside of Vercel, the security team has released the following IOC to help the broader community check their environments.

Google Workspace Administrators and Google Account owners should immediately check their environments for usage of the following malicious/compromised app:

  • OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

If this app ID appears in your Google Workspace OAuth audit logs, you should treat your environment as potentially compromised and rotate all credentials immediately.

What Vercel Has Changed

In response to the incident, Vercel has shipped several platform-level security improvements:

  • Default-sensitive environment variables: All newly created environment variables now default to the ā€œsensitiveā€ designation, preventing them from being read back.
  • Enhanced team-wide environment variable management: Improved tooling for administrators to audit and manage environment variables across their entire team.

The Bigger Picture: Third-Party Risk

This incident is a sharp reminder that your security posture is only as strong as the weakest tool in your stack. Granting third-party apps broad OAuth permissions, especially ā€œAllow Allā€ scopes, is a significant risk that is often overlooked.

For developers and engineering teams, the takeaway is clear: treat your OAuth grants like you treat your code dependencies. Audit them regularly, apply the principle of least privilege, and revoke access for anything you no longer actively use.

For technical support or help rotating your secrets, contact Vercel through their help portal at vercel.com/help.

Related Concepts & Posts

The following cards provide further definitions of concepts discussed above, and possible links to related posts.

What is a Supply Chain Attack?

Cybersecurity

A supply chain attack targets less-secure elements in the software or service ecosystem (vendors, third-party tools, or partners) to gain access to the primary target. The attacker compromises an upstream dependency rather than attacking the target directly.

OAuth Token Theft

Authentication

OAuth tokens are credentials that grant applications access to a userā€™s account without sharing a password. If an OAuth token is stolen, an attacker can impersonate the user and access connected services, without ever needing the real password.

Sensitive Environment Variables in Vercel

Vercel Feature

Vercelā€™s ā€˜sensitiveā€™ environment variable feature stores values encrypted in a way that prevents them from being read back, even by Vercel employees. Enabling this for secrets like API keys ensures they cannot be exposed even in an internal breach.

Vercel Docs

What is Google Workspace?

Productivity Suite

Google Workspace (formerly G Suite) is Googleā€™s cloud-based productivity platform used by businesses, including Gmail, Drive, Docs, and admin tools. Because itā€™s deeply integrated into many organizations, a compromised Workspace account is a powerful foothold for attackers.