89Trust
Verified
🔍 Web Verified
u/DJMagicHandzonReddit1d ago
AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data
Trust Metrics
92
95
85
80
Claim Accuracy92%
Source Quality95%
Framing & Tone85%
Context80%
Analysis Summary
Vercel's infrastructure was breached after an attacker compromised Context.ai, an AI tool that an employee had connected to their corporate Google Workspace account with overly broad permissions. The attacker stole non-sensitive environment variables and API keys and is demanding $2 million for the stolen data. The attack chain began months earlier when a Context.ai employee was infected with Lumma Stealer malware from downloading Roblox cheat scripts. Vercel says sensitive variables encrypted at rest were not accessed, and has advised customers to rotate any API keys or credentials stored in non-sensitive environment variables.
Claims Analysis (4)
“Vercel breached after employee grants AI tool unrestricted access to Google Workspace”
Confirmed by Vercel official statement, Tom's Hardware, TechCrunch, BleepingComputer, and The Hacker News. Breach stemmed from Context.ai compromise and overpermissioned OAuth access.
“Hacker seeking $2 million for stolen data”
Confirmed in Tom's Hardware article and corroborated by BleepingComputer and The Hacker News. ShinyHunters threat actor claimed responsibility with ransom demand.
“Breach originated from infostealer infection from Roblox cheat download”
Tom's Hardware article cites Hudson Rock's finding that Context.ai employee was infected with Lumma Stealer malware after downloading Roblox game exploit scripts in February.
“Stolen data included environment variables and API keys”
Verified that non-sensitive environment variables were exposed. Tom's Hardware confirms attackers accessed credentials including Google Workspace logins and keys for Supabase, Datadog, Authkit. Sensitive variables (encrypted) were not accessed.
Was this analysis helpful?
Try ClearFeed free →