Vercel Breach: Hacker Claims to Sell Stolen Data in Potential Global Supply Chain Attack

Vercel disclosed an incident on April 19, 2026 in which a third-party AI productivity tool (Context.ai) had its Google Workspace OAuth app compromised, enabling attackers to access a Vercel employee account, enumerate non-sensitive environment variables, and exfiltrate 580 employee records. The threat actor posted claims of selling access keys, tokens, and source code on BreachForums and demanded ransom; Vercel engaged incident responders, published the OAuth client ID IOC, and confirmed its open-source projects (including Next.js) were not tampered with.