Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Vercel customer environment variables compromise

Data Leak
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

Vercel confirmed that a limited subset of customers had non-sensitive environment variables compromised after an attacker abused access tied to an employee account. The exposure matters because environment variables can include operational secrets and other sensitive integration details, even when they are not marked as sensitive. Vercel said it notified affected customers and is reviewing the extent of access.

Related Happenings

Zara customer data leak exposing 197,400 people

Data Leak
First: 08.05.2026 13:42 Last: 08.05.2026 13:42 Sources 1

About this happening: The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...

Open Happening

Lumma Stealer infection of a Context.ai employee

Malware Activity
First: 23.04.2026 11:40 Last: 23.04.2026 11:40 Sources 1

About this happening: A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...

Open Happening

Vercel hit by network compromise

Incident
First: 19.04.2026 20:32 Last: 19.04.2026 20:32 Sources 1

How related: “The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,” it added.

About this happening: Vercel disclosed unauthorized access to certain internal systems and said a limited subset of customers was affected, while services remained operational during the investigation...

Latest development: 21.04.2026 00:01

Vercel disclosed that attackers used a compromised OAuth token tied to a Vercel employee's Google Workspace account and access to Context.ai to reach some Vercel environments and environment variables that were not marked as sensitive, and the company said a limited subset of customers had Vercel credentials compromised and were told to rotate them. Vercel said sensitive environment variables were not known to be accessed and that it was working with Mandiant, other security firms, Context.ai, and law enforcement while keeping services operational; Context separately said it had identified and stopped an AWS breach last month and later learned the actor likely also compromised OAuth tokens for some consumer users.

Open Happening

Aura hit by network compromise

Incident
First: 19.03.2026 00:56 Last: 19.03.2026 00:56 Sources 1

About this happening: **Aura** confirmed a **voice-phishing breach** that gave an unauthorized party access to customer records, exposing data tied to **20,000 current** and **15,000 former customers**...

Open Happening

Wynn Resorts hit by cyberattack

Incident
First: 24.02.2026 23:51 Last: 24.02.2026 23:51 Sources 1

About this happening: **Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...

Open Happening

Timeline

  1. 21.04.2026 12:10 2 articles · 1mo ago

    Vercel confirms unauthorized access through Context.ai

    Initial Disclosure

    Vercel confirmed a cyber-incident in which a highly sophisticated attacker abused the third-party tool Context.ai to take over an employee's Vercel Google Workspace account, access some Vercel environments and environment variables not marked as sensitive, and potentially expose non-sensitive customer data. Vercel said it has no evidence that sensitive values or npm packages were accessed, and it notified a limited subset of customers whose non-sensitive environment variables were compromised.

    Show sources
    Open in new tab