
๐Ÿฑ Luna's Corner

Security

The Vercel Hack: How a Roblox Cheat Script Triggered a $2 Million Breach

April 22, 2026 · 7 min read · By Odin

It started with a Roblox cheat script. It ended with a $2 million listing on a hacker forum and one of the most talked-about security incidents of 2026. The Vercel breach is a textbook example of how modern cyberattacks work: not through sophisticated zero-days or nation-state tooling, but through human behavior and the credentials and tokens that behavior exposes.

Here's the full chain of events, explained from the beginning.


Step 1: A Roblox Cheat Script Plants the Seed

In February 2026, two months before any of this became public, a Context.ai employee was browsing for Roblox game exploits and auto-farm scripts on their work machine. This is where most people's eyes go wide. A software engineer at an AI company, downloading Roblox cheats. On their work computer.

They found what they were looking for. But the script came with an uninvited passenger: Lumma Stealer, a well-known infostealer that silently harvests saved passwords, session cookies, authentication tokens, and anything else of value from an infected machine.

Lumma Stealer did its job quietly. The employee likely had no idea. But their credentials, including access to Context.ai's internal systems, were now in attacker hands. This is the part that defeats most defenses: because an infostealer takes live session cookies as well as passwords, the attacker can often replay an already-authenticated session and never sees an MFA prompt.


Step 2: Context.ai Gets Compromised

Context.ai is an AI productivity tool โ€” think of it as an AI assistant for your Google Workspace. You install the browser extension, connect it to your Google account, and it helps you work smarter across Gmail, Drive, Docs, and more.

Armed with the stolen credentials from that infected machine, the attacker gained access to Context.ai's AWS environment. During that intrusion, they harvested OAuth tokens belonging to Context.ai users. OAuth is the protocol that lets an app act on your Google (or Microsoft) account without ever seeing your password. When you click "Allow" on that permissions screen, Google issues the app a token, and for an app that needs background access that means a refresh token: it stays valid until the grant is revoked, and whoever holds it can keep minting fresh access tokens for as long as the consent stands. The app stores those tokens on its own servers, which is why a breach of the app's backend is a breach of every user who ever clicked "Allow".

Context.ai identified and blocked the intrusion, but the damage was already done. Those tokens were out in the wild.

To make things worse, Context.ai's Chrome extension was found to have quietly requested an additional OAuth grant, one that gave read access to users' Google Drive files. Google pulled the extension from the Chrome Web Store on March 27, 2026. Removing an extension from the store does not by itself revoke the grants it already holds, so users who had installed it and connected it with "Allow All" permissions remained exposed until those grants were revoked.


Step 3: A Vercel Employee Becomes the Bridge

Here's where the chain reaction hits Vercel.

Vercel is one of the most widely used web deployment platforms in the world, the company behind Next.js, Turbopack, the AI SDK, and the infrastructure running millions of apps. If you've deployed a Next.js project, you've probably used Vercel.

One of Vercel's employees had signed up for Context.ai's AI Office Suite using their Vercel enterprise Google account, a personal productivity decision, not a company-sanctioned one. When they connected Context.ai, they clicked "Allow All" permissions, granting the app broad access to their corporate Google Workspace.

When the attacker harvested Context.ai's OAuth tokens, they got one for this Vercel employee. That token was the skeleton key.

The attacker used the compromised OAuth token to act as the Vercel employee inside Google Workspace. A token like this does not hand over the password, but it doesn't need to: within the scopes the employee granted, it gave the attacker the same reach over mail, files, and connected services that the employee had, including internal Vercel systems and infrastructure connected through Google.

Context.ai described it this way:

"Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted 'Allow All' permissions. Vercel's internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel's enterprise Google Workspace."

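The failure Context.ai's statement points at is a tenant-level one: nothing stopped an unreviewed third-party app from receiving broad scopes in Vercel's Workspace. The sweep below is an added example, not code from the article, Vercel or Context.ai. It takes the per-user grant records a Workspace admin can pull with the Admin SDK Directory API's users.tokens.list call (clientId, displayText, scopes, userKey; the record shape is an assumption about that API, and the records here are constructed), flags grants carrying "Allow All"-class scopes from apps not on a hypothetical allowlist, and builds the tokens.delete request that revokes each one. The one real-looking client ID is the one the article tells readers to revoke.

```python
"""Audit third-party OAuth grants across a Google Workspace tenant.

Added example; this is not code from the article, Vercel or Context.ai.
Each record mirrors the shape the Admin SDK Directory API returns from
users.tokens.list (clientId, displayText, scopes, userKey). The records in
SAMPLE_TOKENS are constructed, APPROVED_CLIENT_IDS is a hypothetical
allowlist, and the one real-looking entry in SUSPECT_CLIENT_IDS is the
client ID the article tells readers to revoke.
"""
import re

# Scopes that amount to "Allow All": with any of these, an app can read the
# user's mail, every file they can open, or the admin console itself.
BROAD_SCOPE_PATTERNS = [
    r"/auth/drive$",                  # full Drive access
    r"/auth/drive\.readonly$",        # read every file the user can see
    r"/auth/gmail\.",                 # any Gmail scope
    r"^https://mail\.google\.com/$",  # legacy full-mailbox scope
    r"/auth/admin\.",                 # Admin SDK scopes
    r"/auth/cloud-platform$",         # Google Cloud
]

APPROVED_CLIENT_IDS = {  # hypothetical: apps security has already reviewed
    "123456789012-approvedcalendarsync.apps.googleusercontent.com",
}
SUSPECT_CLIENT_IDS = {  # from the article's "revoke if present" advice
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}
SEVERITY_ORDER = {"critical": 0, "high": 1, "low": 2}


def broad_scopes(scopes):
    """Return the subset of `scopes` that grant wide account access."""
    return sorted(s for s in scopes
                  if any(re.search(p, s) for p in BROAD_SCOPE_PATTERNS))


def audit(tokens):
    """One finding per grant that needs a human decision, worst first."""
    findings = []
    for tok in tokens:
        cid = tok["clientId"]
        broad = broad_scopes(tok.get("scopes", []))
        if cid in SUSPECT_CLIENT_IDS:
            severity, reason = "critical", "client ID named in the breach bulletins"
        elif cid in APPROVED_CLIENT_IDS:
            continue  # reviewed app; its scopes were accepted at review time
        elif broad:
            severity, reason = "high", "unreviewed app holds broad scopes"
        else:
            severity, reason = "low", "unreviewed app with narrow scopes"
        findings.append({
            "user": tok["userKey"],
            "clientId": cid,
            "app": tok.get("displayText", "(unnamed)"),
            "severity": severity,
            "reason": reason,
            "broad_scopes": broad,
        })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["user"]))
    return findings


def revoke_request(finding):
    """The Admin SDK call (tokens.delete) that revokes one grant."""
    return ("DELETE https://admin.googleapis.com/admin/directory/v1/users/"
            f"{finding['user']}/tokens/{finding['clientId']}")


# Constructed sample: what a tokens.list sweep over four users might return.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com",
     "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
     "displayText": "Context AI Office Suite",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email",
                "https://www.googleapis.com/auth/gmail.readonly",
                "https://www.googleapis.com/auth/drive.readonly"]},
    {"userKey": "bob@example.com",
     "clientId": "987654321098-inboxhelper.apps.googleusercontent.com",
     "displayText": "Inbox Helper",
     "scopes": ["https://mail.google.com/"]},
    {"userKey": "carol@example.com",
     "clientId": "123456789012-approvedcalendarsync.apps.googleusercontent.com",
     "displayText": "Calendar Sync (approved)",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"userKey": "dave@example.com",
     "clientId": "555555555555-weatherwidget.apps.googleusercontent.com",
     "displayText": "Weather Widget",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_TOKENS):
        print(f"[{f['severity']}] {f['user']} -> {f['app']}: {f['reason']}")
        for s in f["broad_scopes"]:
            print(f"    broad scope: {s}")
        if f["severity"] != "low":
            print(f"    revoke: {revoke_request(f)}")
```

Revoking the grant invalidates the refresh token the app holds, which is what you want after a vendor breach; resetting the user's password does not. The durable fix is the Admin console's app access control, which lets you block unreviewed apps from receiving restricted scopes in the first place.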

Step 4: Inside Vercel's Systems

Once inside the employee's Google Workspace account, the attacker moved fast. Vercel described the threat actor as "sophisticated" based on their "operational velocity and detailed understanding of Vercel's systems."

The attacker gained access to environment variables stored in Vercel's platform, the configuration values developers use to hold API keys, database credentials, and other secrets. Vercel stores two types:

  • Sensitive variables: encrypted and never readable after being set, not even by the project owner ✅ Not compromised
  • Non-sensitive (plaintext) variables: readable in the dashboard and through the API ❌ These were exposed

A limited subset of customers had their plaintext environment variables stolen. Vercel reached out to those customers directly and urged immediate credential rotation. If you were among them, treat every non-sensitive value in the affected projects as public: database connection strings, third-party API keys, webhook and signing secrets, all of it.

The npm packages published by Vercel โ€” including Next.js โ€” were confirmed uncompromised after validation with GitHub, Microsoft, and Socket. But the attacker had access to internal systems long enough to raise serious concern about what else they may have touched.


Step 5: The Data Goes Up for Sale

The group claiming responsibility operates under the ShinyHunters persona โ€” a well-known threat actor that has previously claimed breaches at Ticketmaster, Santander Bank, and others.

Within days, a listing appeared on BreachForums offering what was described as Vercel's internal database for $2 million. Whether the dataset matches the description is unconfirmed; forum sellers routinely inflate what they hold, so the price tag signals the attacker's confidence (or salesmanship), not an inventory of what was taken.


The Domino Effect

This attack illustrates a pattern security professionals file under supply chain or third-party compromise: the target isn't breached directly. Instead, attackers compromise a trusted tool or vendor that already holds access to the target, and ride that access in.

The chain looked like this:

Roblox cheat script downloaded → Lumma Stealer installed → Context.ai employee credentials stolen → Context.ai AWS breached → OAuth tokens harvested → Vercel employee's Google account hijacked → Vercel internal systems accessed → Customer environment variables exposed → $2M BreachForums listing

Every link in that chain began with one employee's personal decision on a work machine. It's tempting to call that a human failure, and it is. But each link also passed a control that could have broken the chain: endpoint protection that catches a commodity infostealer, a Workspace policy that stops an unreviewed third-party app from receiving broad scopes, secrets stored in a form nobody can read back. Behavior is the hardest thing to change, which is exactly why the controls around it have to assume it won't.


What You Should Do Right Now

Whether you use Vercel or not, this incident is a wake-up call.

If you use Vercel:

  1. Rotate all environment variables that aren't marked as "Sensitive," and do it today: rotate at the provider first (database, payment processor, API vendor), then replace the value in Vercel
  2. Mark secrets as Sensitive going forward: Vercel's sensitive variables are encrypted at rest and can't be read back, so a dashboard or API compromise doesn't leak them
  3. Review your activity log at vercel.com/activity-log for anything unexpected
  4. Check your Google account for the following OAuth app ID and revoke it if present: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
  5. Enable MFA on your Vercel account if you haven't already
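Steps 1 and 2 are easy to state and tedious to do across a project with dozens of variables, and the sensitive/non-sensitive split from Step 4 is what decides which ones matter. The script below is an added example, not Vercel's code or the article's: it takes records shaped like the envs array Vercel's REST API returns from GET /v9/projects/{idOrName}/env (key, type, target, value; that shape is an assumption about the API, and the project and values are constructed), treats anything that is not type "sensitive" or "system" as readable, sorts the variables into rotate / review / public / ok, and emits the CLI steps to re-create each rotated value as a sensitive one. The env rm and env add --sensitive flags are assumptions about the Vercel CLI; check vercel env add --help on your version.

```python
"""Triage a Vercel project's environment variables after a platform breach.

Added example; not Vercel's code or the article's. Records follow the shape
of the `envs` array that Vercel's REST API returns from
GET /v9/projects/{idOrName}/env (key, type, target, value), which is an
assumption about that response rather than something the article shows.
Everything that is not type "sensitive" or "system" is treated as readable,
matching the bulletin's point that only sensitive values could not be read
back. The project, keys and values below are constructed.
"""
import re

READABLE_TYPES = {"plain", "encrypted"}  # both decrypt for display in the dashboard

# Names that usually hold credentials. NEXT_PUBLIC_* is excluded because
# Next.js ships those to the browser; they are public by design.
SECRET_NAME = re.compile(
    r"KEY|SECRET|TOKEN|PASS(WORD|WD)?|PRIVATE|CREDENTIAL|DSN|_URL$|_URI$", re.I)
# A value that embeds user:password@ in a URL is a credential whatever its name.
CREDENTIAL_URL = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@\s]+:[^/@\s]+@", re.I)


def classify(env):
    """Return one of: skip, ok, public, rotate, review."""
    key, kind = env["key"], env["type"]
    if kind == "system":
        return "skip"          # VERCEL_URL etc.; Vercel sets these itself
    if kind == "sensitive":
        return "ok"            # write-only; not readable by an intruder
    if kind not in READABLE_TYPES:
        return "review"        # unknown type: look at it by hand
    if key.startswith("NEXT_PUBLIC_"):
        return "public"
    if SECRET_NAME.search(key) or CREDENTIAL_URL.search(env.get("value", "")):
        return "rotate"
    return "review"


def triage(envs):
    """Group variable names by required action."""
    groups = {"rotate": [], "review": [], "public": [], "ok": []}
    for env in envs:
        action = classify(env)
        if action != "skip":
            groups[action].append(env["key"])
    for names in groups.values():
        names.sort()
    return groups


def recreate_commands(key, targets):
    """CLI steps to replace a readable variable with a sensitive one.

    Assumes the Vercel CLI's `env rm` and `env add --sensitive`; confirm the
    flags with `vercel env add --help` on your installed version. Rotate the
    credential at its provider BEFORE running these: a new sensitive entry
    holding the old value protects nothing.
    """
    cmds = []
    for target in targets:
        cmds.append(f"vercel env rm {key} {target} --yes")
        cmds.append(f"vercel env add {key} {target} --sensitive")
    return cmds


# Constructed sample of an API response for a project named "storefront".
SAMPLE_ENVS = [
    {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"],
     "value": "postgres://app:hunter2@db.internal:5432/store"},
    {"key": "STRIPE_SECRET_KEY", "type": "plain", "target": ["production", "preview"],
     "value": "sk_live_constructed_placeholder"},
    {"key": "JWT_SIGNING_SECRET", "type": "sensitive", "target": ["production"]},
    {"key": "NEXT_PUBLIC_API_URL", "type": "plain", "target": ["production"],
     "value": "https://api.example.com"},
    {"key": "LOG_LEVEL", "type": "plain", "target": ["production"], "value": "info"},
    {"key": "VERCEL_URL", "type": "system", "target": ["production"]},
]

if __name__ == "__main__":
    for action, keys in triage(SAMPLE_ENVS).items():
        print(f"{action:7s} {', '.join(keys) or '-'}")
    for env in SAMPLE_ENVS:
        if classify(env) == "rotate":
            for cmd in recreate_commands(env["key"], env["target"]):
                print("  " + cmd)
```

The name and value heuristics are deliberately loose: a false "rotate" costs a few minutes, a missed one costs a second incident. Anything landing in "review" with a value you would not paste into a public repo belongs in "rotate".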

For everyone:

  1. Audit what OAuth apps are connected to your Google account: go to myaccount.google.com/permissions and prune anything you don't recognize. Workspace admins can do the same tenant-wide from the Admin console's app access controls, and that is where "Allow All" grants to unreviewed apps should have been blocked in the first place
  2. Never grant "Allow All" permissions to productivity tools unless you fully understand what that means: typically full read (and often write) access to your mail and every file you can open
  3. Don't use personal productivity apps with corporate credentials: this is a policy issue as much as a technical one
  4. Pin your dependencies: if you rely on Vercel-maintained packages (Next.js, Turbopack, the AI SDK), pin exact versions, commit the lockfile, and install with npm ci so a silently republished version can't slip in. Pinning only helps if the pinned version was clean, so pair it with the lockfile's integrity hashes and a registry-monitoring service
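"Pin your dependencies" sounds like one setting, but a caret in package.json, a missing lockfile entry, or an install that ignores the lock each undo it. The checker below is an added example, not code from the article or from Vercel. It classifies every specifier in a package.json as exact, range, or other, lists the unpinned ones with Vercel-maintained packages first (WATCHLIST is an assumption about what a Vercel-hosted app would guard most closely: the article names Next.js and the AI SDK, published on npm as "next" and "ai"), and reports package-lock.json entries that carry no integrity hash for npm ci to verify. The weak and pinned manifests and the lock fragment are constructed.

```python
"""Check that a Next.js project pins the packages it cannot afford to have swapped.

Added example; not code from the article or from Vercel. The two manifests
and the lock fragment below are constructed. WATCHLIST is an assumption
about which packages a Vercel-hosted app would guard most closely: the
article names Next.js and the AI SDK (published on npm as "next" and "ai").
"""
import json
import re

# An exact semver: MAJOR.MINOR.PATCH with optional prerelease/build suffix.
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
RANGE_MARKERS = re.compile(r"[<>]=?|\^|~|\*|\.x\b|\|\||\s-\s")
WATCHLIST = {"next", "ai"}


def classify(spec):
    """'exact', 'range' (the resolver may pick a newer version) or 'other'."""
    spec = spec.strip()
    if EXACT.match(spec):
        return "exact"
    if spec in ("", "latest") or RANGE_MARKERS.search(spec) \
            or re.fullmatch(r"\d+(\.\d+)?", spec):
        return "range"
    return "other"   # git URL, tarball, npm: alias, workspace:, dist-tag


def unpinned(package_json_text):
    """Dependencies whose specifier lets the resolver choose, watchlist first."""
    pkg = json.loads(package_json_text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in pkg.get(section, {}).items():
            kind = classify(spec)
            if kind != "exact":
                findings.append({"name": name, "spec": spec, "kind": kind,
                                 "section": section, "watchlist": name in WATCHLIST})
    findings.sort(key=lambda f: (not f["watchlist"], f["name"]))
    return findings


def lock_entries_without_integrity(lock_text):
    """package-lock.json v2/v3 entries that npm ci cannot verify by hash."""
    lock = json.loads(lock_text)
    return sorted(path for path, entry in lock.get("packages", {}).items()
                  if path and not entry.get("link") and "integrity" not in entry)


# Constructed: the manifest most teams actually have ...
WEAK_MANIFEST = json.dumps({
    "dependencies": {"next": "^15.3.1", "react": "19.1.0", "ai": "~4.3.0",
                     "lodash": "latest"},
    "devDependencies": {"typescript": "5.8.3", "eslint": ">=9"},
})
# ... and the same manifest with every specifier pinned.
PINNED_MANIFEST = json.dumps({
    "dependencies": {"next": "15.3.1", "react": "19.1.0", "ai": "4.3.0",
                     "lodash": "4.17.21"},
    "devDependencies": {"typescript": "5.8.3", "eslint": "9.25.1"},
})
# Constructed lock fragment: one entry is missing its integrity hash.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "storefront"},
        "node_modules/next": {"version": "15.3.1",
                              "resolved": "https://registry.npmjs.org/next/-/next-15.3.1.tgz",
                              "integrity": "sha512-constructedplaceholder"},
        "node_modules/ai": {"version": "4.3.0",
                            "resolved": "https://registry.npmjs.org/ai/-/ai-4.3.0.tgz"},
    },
})

if __name__ == "__main__":
    for f in unpinned(WEAK_MANIFEST):
        flag = "WATCHLIST " if f["watchlist"] else ""
        print(f"{flag}{f['section']}: {f['name']} {f['spec']!r} ({f['kind']})")
    print("pinned manifest findings:", unpinned(PINNED_MANIFEST))
    print("lock entries without integrity:", lock_entries_without_integrity(SAMPLE_LOCK))
```

Two settings make the pinned state stick: save-exact=true in .npmrc so new installs are written without a caret, and npm ci (never npm install) in CI so the lockfile is honored and its hashes checked. A pinned version is a fixed target, not a verified one; the integrity field is what ties it to the exact bytes you reviewed.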

The Bigger Picture: Your Employees Are the Perimeter

This incident is a stark reminder that your security is only as strong as your least careful employee. It wasn't a nation-state exploit. It wasn't a zero-day vulnerability. It was someone looking for a shortcut in a video game.

Infostealer malware like Lumma Stealer is deliberately packaged inside things people actually want: game cheats, cracked software, free tools, pirated content. Attackers know that employees are human. They get bored. They blur the line between personal and professional on their work machines. And they download things they shouldn't.

The downstream consequences of that one moment:

  • A company (Context.ai) got breached
  • Their customers' OAuth tokens were stolen
  • One of the world's largest developer platforms (Vercel) was compromised
  • Environment variables belonging to customers of a platform used by millions of developers were at risk
  • A $2 million data dump hit BreachForums

All of it traces back to a Roblox cheat script.

This is why employee security awareness isn't a checkbox. It's not a once-a-year training video. It's an ongoing conversation about what it means to use a work machine, and why what you do on it, even in your downtime, matters enormously.

The vulnerability wasn't software. It was behavior. And behavior can be changed.


Sources: Vercel Security Bulletin, Context.ai Security Update, The Hacker News, The Register, TechCrunch, OX Security, CyberScoop, Forbes, Hudson Rock
