Vercel Published the OAuth App ID From Its Breach. Now Anyone Can Check If They Were Exposed.
For the first time in a major AI vendor breach, a company published the specific OAuth application ID tied to the intrusion — the kind of identifier that shows up when you sign into a service with your Google account, and the one thing any Google Workspace administrator can now use to look up whether the same app reached their organization. Whether security teams will actually run that query, and what they will find, is the question Vercel's unusual disclosure leaves open.
The breach that made this audit trail possible runs through a chain of decisions that looks routine until it is not. A Context.ai employee had their laptop infected with Lumma Stealer (information-stealing malware) in February 2026, The Hacker News reported. Attackers used that foothold to identify a Vercel employee who had signed up for a deprecated consumer AI product called AI Office Suite using their Vercel enterprise account, and granted it Allow All permissions to their Google Workspace. Context.ai discovered the breach in March, shut down the relevant AWS environment, and engaged CrowdStrike to investigate. Vercel confirmed the breach on Sunday, April 19, in a security bulletin.
The attacker posted on a criminal forum, offering what they claimed were Vercel employee records: 580 entries with names, Vercel email addresses, account status, and activity timestamps, plus access to internal deployments, API keys including NPM and GitHub tokens, according to BleepingComputer. They claimed to represent the ShinyHunters extortion gang. Other actors previously linked to ShinyHunters denied involvement to BleepingComputer. Vercel said it has received no ransom demand, TechCrunch reported.
What the attacker claimed to reach and what Vercel says was actually accessed are not the same thing. Vercel says only non-sensitive environment variables (configuration values that do not include passwords or keys) were accessed. The sensitive kind were encrypted, with no evidence anyone read them. Next.js, Turbopack, and Vercel open-source projects were not affected. The same OAuth application may have affected hundreds of users across many organizations beyond Vercel, and Vercel is working with Mandiant, additional cybersecurity firms, industry peers, and law enforcement.
The permissions that made it convenient to connect a consumer AI tool to a corporate identity are the same ones that turned a single signup into an internal intrusion. Vercel's own settings appear to have allowed that broad grant without sufficient guardrails, according to The Register. This is not unique to Vercel: any company whose employees connected consumer AI tools to the Google Workspace or GitHub accounts that manage production infrastructure has the same exposure. The OAuth application ID Vercel published is a fixed reference point. Any organization whose employees linked AI tools to their corporate Google Workspace can run the same query and know whether this breach reached them.
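The check the article describes, as an added example (not Vercel's code or Google's): a small Python audit that scans Google Workspace OAuth token-audit activity records for one OAuth client ID and reports which users authorized it and which broad scopes they granted. The record shape follows my understanding of the Admin SDK Reports API "token" audit activity (`authorize` events with `client_id`, `app_name` and `scope` parameters); the records below are constructed samples, and `CLIENT_ID_UNDER_REVIEW` is a placeholder, since the actual ID is in Vercel's bulletin, not on this page.

```python
"""Audit Google Workspace OAuth token grants for a specific OAuth client ID.

Added example, not code from Vercel or Google. Records are assumed to follow
the Reports API 'token' activity shape; the samples here are constructed and
CLIENT_ID_UNDER_REVIEW is a placeholder for the real published ID.
"""
from __future__ import annotations

from dataclasses import dataclass

# Placeholder: substitute the OAuth application ID from the vendor bulletin.
CLIENT_ID_UNDER_REVIEW = "PLACEHOLDER-client-id.apps.googleusercontent.com"

# Scopes that expose mail, files or the directory; any grant carrying one of
# these is the "Allow All"-style grant the article warns about.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}


@dataclass
class Grant:
    user: str
    app_name: str
    client_id: str
    scopes: list[str]
    time: str

    @property
    def broad_scopes(self) -> list[str]:
        """Subset of this grant's scopes that are in BROAD_SCOPES, sorted."""
        return sorted(s for s in self.scopes if s in BROAD_SCOPES)


def _param(event: dict, name: str):
    """Return a named event parameter (multi-valued parameters come back as a list)."""
    for p in event.get("parameters", []):
        if p.get("name") == name:
            return p.get("multiValue", p.get("value"))
    return None


def extract_grants(records: list[dict]) -> list[Grant]:
    """Convert raw token-audit records into Grant objects (authorize events only)."""
    grants: list[Grant] = []
    for rec in records:
        actor = rec.get("actor", {}).get("email", "<unknown>")
        when = rec.get("id", {}).get("time", "")
        for ev in rec.get("events", []):
            if ev.get("name") != "authorize":  # skip revoke/activity events
                continue
            scopes = _param(ev, "scope") or []
            if isinstance(scopes, str):
                scopes = [scopes]
            grants.append(Grant(user=actor, app_name=_param(ev, "app_name") or "",
                                client_id=_param(ev, "client_id") or "",
                                scopes=list(scopes), time=when))
    return grants


def grants_for_client(records: list[dict], client_id: str) -> list[Grant]:
    """All authorize events in the records that match the client ID under review."""
    return [g for g in extract_grants(records) if g.client_id == client_id]


def exposure_report(records: list[dict], client_id: str) -> dict[str, list[str]]:
    """Map each user who authorized the app to the broad scopes they granted
    (an empty list means the app was authorized with only narrow scopes)."""
    report: dict[str, list[str]] = {}
    for g in grants_for_client(records, client_id):
        report.setdefault(g.user, [])
        report[g.user] = sorted(set(report[g.user]) | set(g.broad_scopes))
    return report


def _event(name: str, client_id: str, app: str, scopes: list[str]) -> dict:
    return {"type": "auth", "name": name, "parameters": [
        {"name": "client_id", "value": client_id},
        {"name": "app_name", "value": app},
        {"name": "scope", "multiValue": scopes}]}


# Constructed sample records: two users authorized the suspect app (one with
# broad scopes), one user authorized an unrelated app, and one record is a
# revoke event for the suspect app, which must not count as exposure.
SAMPLE_RECORDS = [
    {"id": {"time": "2026-02-03T09:12:00Z"}, "actor": {"email": "alice@example.com"},
     "events": [_event("authorize", CLIENT_ID_UNDER_REVIEW, "Constructed AI Suite",
                       ["https://mail.google.com/", "https://www.googleapis.com/auth/drive",
                        "openid", "email"])]},
    {"id": {"time": "2026-02-04T10:00:00Z"}, "actor": {"email": "bob@example.com"},
     "events": [_event("authorize", "other-client.apps.googleusercontent.com",
                       "Calendar Helper", ["https://www.googleapis.com/auth/calendar.readonly"])]},
    {"id": {"time": "2026-02-05T11:30:00Z"}, "actor": {"email": "carol@example.com"},
     "events": [_event("authorize", CLIENT_ID_UNDER_REVIEW, "Constructed AI Suite",
                       ["openid", "email"])]},
    {"id": {"time": "2026-03-01T08:00:00Z"}, "actor": {"email": "dave@example.com"},
     "events": [_event("revoke", CLIENT_ID_UNDER_REVIEW, "Constructed AI Suite", [])]},
]

if __name__ == "__main__":
    for user, scopes in exposure_report(SAMPLE_RECORDS, CLIENT_ID_UNDER_REVIEW).items():
        print(f"{user}: {'BROAD ' + ', '.join(scopes) if scopes else 'narrow scopes only'}")
```

In practice the records come from the Reports API (`activities.list` with `applicationName='token'` and `userKey='all'`) or an export of the admin console's token audit log; the report separates users who merely signed in with the app from those who handed it mail or Drive access, which is the population whose tokens should be revoked and whose mailboxes and files deserve a closer look.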