Overview
- Vercel, which disclosed the incident Sunday, says attackers used a compromised Context.ai Google Workspace OAuth app to take over an employee account.
- The company is contacting affected customers directly with instructions to rotate exposed credentials.
- Non‑sensitive environment variables could be listed, and Vercel reports no evidence that sensitive values were read.
- A user claiming the ShinyHunters persona posted alleged Vercel data for a $2 million sale, though the claims remain unverified by reporters.
- Crypto and Web3 teams that host frontends on Vercel, including Solana DEX Orca, are rotating deployment keys as a precaution while on‑chain funds remain safe.