Vercel Data Breach 2026: How a Roblox Script Brought Down a $3 Billion Platform
2026-04-30
6 min read

Tags: Vercel data breach 2026, Context AI hack, supply chain attack, OAuth security vulnerability, Lumma Stealer malware, cybersecurity best practices, web application security, AuditWave Security, penetration testing

Introduction

In April 2026, one of the most talked-about cybersecurity incidents of the year unfolded. Vercel — a leading cloud hosting platform trusted by millions of developers worldwide — was breached. But here is the twist: Vercel was not directly attacked. The entire chain of events started with a single Context AI employee downloading Roblox game cheat scripts.

This is a textbook Supply Chain Attack — and it carries a critical lesson for every business using third-party tools and AI applications.

The Full Story — Step by Step

Step 1: Patient Zero — February 2026

In February 2026, a Context AI employee downloaded Roblox game exploit scripts. Hidden inside that download was malware called Lumma Stealer. (Source: Trend Micro)

Lumma Stealer is an infostealer malware designed to:

  • Steal browser-saved passwords
  • Extract session cookies and authentication tokens
  • Harvest Google Workspace credentials

The stolen data included Google Workspace credentials along with login details for Supabase, Datadog, and Authkit — a complete set of corporate credentials harvested from the compromised machine. (Source: OX Security)

Step 2: Context AI AWS Environment Compromised — March 2026

In March 2026, Context AI independently identified and stopped unauthorized access to its AWS environment. They engaged CrowdStrike for forensic investigation and notified one customer they identified as impacted. (Source: Context)

However, a critical detail was missed — the OAuth tokens were also compromised, and those tokens were connected to other organizations' accounts, including Vercel.

Step 3: The OAuth Token That Opened Vercel's Door

Context AI had a consumer product called "AI Office Suite" that allowed users to connect AI agents to their Google Workspace. At least one Vercel employee had signed up for this app using their Vercel enterprise Google Workspace account and granted "Allow All" permissions. (Source: The Hacker News)

That single "Allow All" click was the mistake that made everything possible.

Using the compromised OAuth token, the attacker took over the Vercel employee's Google Workspace account, then pivoted into their Vercel account, and from there maneuvered through internal systems to enumerate and decrypt non-sensitive environment variables. (Source: Vercel)

Step 4: Stolen Data Listed for $2 Million

A threat actor posted on a hacking forum claiming to have stolen Vercel customer API keys, source code, and database data — listing it for sale at $2 million. The ShinyHunters hacking group was named, but the group denied any involvement in the incident. (Source: TechCrunch)

Step 5: Public Disclosure — April 19, 2026

On April 19, Vercel publicly disclosed the incident and launched an investigation in collaboration with Google Mandiant, law enforcement, GitHub, Microsoft, npm, and Socket. They confirmed that Next.js, Turbopack, and all npm packages remained safe and uncompromised. (Source: Rescana)

Technical Breakdown of the Attack

This attack operated across three layers:

  • Layer 1 — Malware Infection: A single untrusted file download on an employee's personal device was enough to expose corporate credentials. This is where the entire chain began.
  • Layer 2 — OAuth Misconfiguration: The Vercel employee had granted "Allow All" Google Workspace permissions to Context AI's Office Suite. When Context AI was compromised, the attacker did not need to bypass MFA — the OAuth trust relationship had already been established months earlier. (Source: Reco)
  • Layer 3 — Unencrypted Environment Variables: Vercel allowed environment variables to be optionally marked as "sensitive." Variables that were not marked as sensitive were not encrypted at rest — the attacker enumerated these variables to gain further access into Vercel's systems. (Source: Bleeping Computer)

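Layer 3 is the one a project owner can check today. The following is an added example, not Vercel's own code or tooling: it scans a project's environment variable listing for secret-looking names that are not stored as type "sensitive". The record fields (key, type, target) and the type values are assumed to follow Vercel's project environment API; the listing itself is constructed for this example.

```python
import re

# Names that almost always hold a credential. Assumed list; extend as needed.
SECRET_PATTERN = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|DATABASE_URL|DSN)", re.I
)

# Constructed sample listing. Type values assumed from Vercel's env API
# ("plain", "encrypted", "sensitive", "system"); only "sensitive" values
# cannot be read back by whoever gains access to the account.
SAMPLE_ENV = [
    {"key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production"]},
    {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
    {"key": "STRIPE_SECRET_KEY", "type": "plain", "target": ["production", "preview"]},
    {"key": "DATADOG_API_KEY", "type": "sensitive", "target": ["production"]},
    {"key": "LOG_LEVEL", "type": "plain", "target": ["development"]},
]


def looks_like_secret(key: str) -> bool:
    """True when the variable name suggests it holds a credential."""
    return bool(SECRET_PATTERN.search(key))


def find_unprotected(env_vars):
    """Return (key, type, targets) for every secret-looking variable that is
    not marked sensitive, i.e. one an attacker with account access could read
    the way the Vercel intruder enumerated non-sensitive variables."""
    findings = []
    for var in env_vars:
        if looks_like_secret(var["key"]) and var.get("type") != "sensitive":
            findings.append(
                (var["key"], var.get("type"), ",".join(var.get("target", [])))
            )
    return findings


if __name__ == "__main__":
    for key, vtype, targets in find_unprotected(SAMPLE_ENV):
        print(f"{key}: type={vtype} targets={targets} -> re-add as sensitive")
```

Feed it the JSON your platform exports for a project and re-create every flagged variable as sensitive; the name heuristic is deliberately broad, so review false positives rather than narrowing the pattern.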
Why This Breach Matters

  1. AI Tools Are the New Attack Surface: The Context AI breach is not an isolated incident. It is part of a systematic pattern of attacks targeting AI-based systems that are being shipped faster than they can be security reviewed. (Source: OX Security)
  2. Supply Chain Attacks Are Rising: Your own systems can be perfectly secure. But the third-party tools your employees use every day are a hidden and often overlooked attack surface.
  3. "Allow All" OAuth Is a Time Bomb: Every time an employee clicks "Allow All" on a third-party application, they are potentially opening a future backdoor for attackers.
  4. One Employee's Action = Company-Wide Risk: A single Roblox cheat script download by one employee triggered a supply chain attack that compromised a multi-billion dollar platform and exposed customer data across hundreds of organizations. (Source: Trend Micro)

Key Security Lessons — What Every Business Must Do

  1. Audit All OAuth Permissions Immediately: Review every third-party application connected to your Google Workspace or Microsoft 365. Revoke any "Allow All" permissions that are not absolutely necessary.
  2. Eliminate Shadow AI: Establish a clear process for employees to request and use AI tools through official channels — so unauthorized sign-ups do not silently accumulate dangerous trust relationships. (Source: Reco)
  3. Encrypt All Sensitive Environment Variables: Never store API keys, database credentials, or secrets in plaintext. Mark everything sensitive and ensure encryption at rest.
  4. Enforce MFA Across All Accounts: Multi-factor authentication must be mandatory — especially for Google Workspace, Microsoft 365, and any cloud platform your team uses.
  5. Run Regular Third-Party Vendor Audits: Your vendors' security posture is your security. Regularly audit the security practices of every tool and service connected to your systems.
  6. Train Your Employees: Security awareness training is not optional. Employees need to understand the risks of downloading untrusted files, granting excessive permissions, and using unauthorized tools.

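Lesson 1 is the audit that would have surfaced the "Allow All" grant in Layer 2. This is an added example, not Google's, Vercel's or Context AI's tooling: it ranks third-party OAuth grants by how many broad scopes they hold, so the grants that expose a whole mailbox and Drive float to the top of the revocation list. The record fields (userKey, clientId, displayText, scopes) are assumed to match the Admin SDK Directory API "tokens" resource; the export, the app names and the broad-scope table are constructed for this example.

```python
# Scopes that give an app sweeping read or write access to a user's data.
# Assumed starting list; tune it to your own risk appetite.
BROAD_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/calendar": "full Calendar access",
    "https://www.googleapis.com/auth/admin.directory.user": "manage users",
}

# Constructed sample export of per-user OAuth grants.
SAMPLE_GRANTS = [
    {"userKey": "dev@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "AI Office Suite (sample)",
     "scopes": ["openid", "email", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "dev@example.com", "clientId": "222.apps.googleusercontent.com",
     "displayText": "Chat tool (sample)", "scopes": ["openid", "email", "profile"]},
    {"userKey": "ops@example.com", "clientId": "333.apps.googleusercontent.com",
     "displayText": "Backup tool (sample)",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]


def risky_grants(grants, min_broad=1):
    """Return (user, app, [broad scope descriptions]) for every grant holding
    at least `min_broad` broad scopes, most permissive first. A grant that
    collects several of them is what an "Allow All" consent click produces."""
    findings = []
    for grant in grants:
        broad = [BROAD_SCOPES[s] for s in grant.get("scopes", []) if s in BROAD_SCOPES]
        if len(broad) >= min_broad:
            findings.append((grant["userKey"], grant["displayText"], broad))
    # Stable sort keeps export order among grants with the same count.
    findings.sort(key=lambda f: len(f[2]), reverse=True)
    return findings


if __name__ == "__main__":
    for user, app, broad in risky_grants(SAMPLE_GRANTS):
        print(f"{user}: {app} -> {', '.join(broad)}")
```

Pull the real export per user from your Workspace admin tooling, run it on a schedule, and treat every new top-ranked entry as a review item before it becomes the trust relationship an attacker inherits.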
How AuditWave Security Can Help

At AuditWave Security, we specialize in exactly the kind of vulnerabilities that led to the Vercel breach:

  • Web Application Penetration Testing — identifying weaknesses before attackers do
  • Third-Party Security Audits — evaluating the security posture of your vendors and integrations
  • OAuth and API Security Reviews — detecting misconfigured and over-permissioned connections
  • Vulnerability Assessment and Reporting — comprehensive security scanning across your entire infrastructure

With 3+ years of hands-on experience, 1200+ targets tested, and vulnerabilities responsibly disclosed to Airbnb, Dyson, Inditex, and Freshworks via HackerOne — we know how attackers think, and we help you stay ahead of them.

📩 Ready to secure your business? Visit aw.khalidsanawer.online or reach out directly for a free consultation.

Conclusion

The Vercel breach made one thing crystal clear — in today's interconnected world, securing your own systems is no longer enough. Your employees' devices, the files they download, the AI tools they sign up for, the permissions they grant — all of it is part of your attack surface.

A Roblox cheat script brought down a multi-billion dollar platform. What could it do to your business?

Do not wait for a breach to take security seriously. Act now.
