RSS
Last updated: May 14, 2026 at 10:49 AM UTC
All 219 Vulnerability 76 Breach 45 Threat 91 Defense 7
Tag: lumma-stealer (2 articles)Clear
breach
2026-04-23

Vercel expands Context.ai breach scope - additional accounts compromised, and some predate the April incident entirely

Vercel updated its security bulletin on April 23 to disclose that ongoing forensics has uncovered additional customer accounts compromised in the Context.ai-linked breach that went public on April 19, and - more worryingly - a separate cluster of customer accounts with evidence of compromise that predates and appears unconnected to the Context.ai incident. CEO Guillermo Rauch confirmed on X that the threat actor has been active beyond Context.ai's compromise. Hudson Rock's forensic report traced patient-zero to a Context.ai employee whose laptop was infected by Lumma Stealer in February 2026 after downloading Roblox auto-farm scripts - a roughly four-week dwell time before the operator pivoted into Context.ai's AWS environment and then through OAuth tokens into Vercel's Google Workspace. The stolen credential set from that single laptop included Google Workspace logins, Supabase keys, Datadog tokens, Authkit credentials, and the support@context.ai account. Vercel has now confirmed non-sensitive environment variables in affected team scopes were readable to the attacker, and says customer notifications are going out individually rather than via a public list.

vercelcontext-aioauthsupply-chainlumma-stealergoogle-workspacebreach-expansion
Check
If you run any service on Vercel, re-check your team's incident email for new direct notifications, and proactively rotate any environment variable not marked as 'sensitive' that was stored in Vercel during February to April 2026.
Affected
Vercel customer teams where a member authorized Context.ai's AI Office Suite OAuth integration against a Vercel enterprise Google Workspace account, and any Vercel team with environment variables not explicitly marked as 'sensitive' stored during the February to April 2026 window. The newly-surfaced predate-April account cluster is separate and Vercel has not publicly scoped it - if you receive a notification email, treat it as a distinct compromise and not simply a continuation of the Context.ai incident.
Fix
Rotate every environment variable stored in Vercel that was not marked as 'sensitive' - in practice, treat every database URL, API key, signing secret, and third-party credential as public and rotate it in place. Audit Google Workspace OAuth app grants and revoke any Context.ai 'AI Office Suite' integration. Review Vercel activity logs back to February 2026 for unexpected access to environment variable dashboards. Rotate Supabase, Datadog, and Authkit credentials if any Context.ai employee or integration ever had access to yours. Set a standing policy that no OAuth grant from an external AI tool gets 'Allow All' Workspace permissions.
breach
2026-04-22

Vercel breach root cause revealed: Lumma Stealer on a Context.ai employee's laptop, delivered via Roblox auto-farm scripts

Follow-up: this is the origin-story update to the Vercel breach disclosed April 19 (which our publication did not cover at the time). Hudson Rock traced the initial compromise to a Context.ai employee whose laptop was infected by Lumma Stealer malware in February 2026 after the user downloaded Roblox 'auto-farm' scripts and game-exploit executors - a notorious delivery vector for infostealers. The malware harvested that employee's Google Workspace credentials plus access keys and logins for Supabase, Datadog, and Authkit. The haul also included the support@context.ai account, letting the attacker escalate inside Context.ai, reach its AWS environment, and then pivot through compromised Google Workspace OAuth tokens into a Vercel employee's enterprise workspace that had granted the 'AI Office Suite' app 'Allow All' permissions. The attacker (ShinyHunters, now selling the data for $2M on BreachForums) read Vercel environment variables not flagged as 'sensitive.' Google pulled the Context.ai Chrome extension (ID omddlmnhcofjbnbflmjginpjjblphbgk) on March 27 - it embedded an OAuth grant for read access to users' entire Google Drive. The lesson is brutal: one employee's personal risky behavior on a work device cascaded through four SaaS platforms into a supply-chain breach that a threat actor is now auctioning.

vercelcontext-ailumma-stealershinyhuntersoauth-abusesupply-chaininfostealergoogle-workspacebreachforums
Check
If any employee at your company has ever signed into Context.ai with a corporate Google Workspace account, treat that account as compromised and begin full credential rotation and OAuth review immediately.
Affected
Any Google Workspace tenant where an employee granted the Context.ai 'AI Office Suite' OAuth app broad permissions (specifically OAuth app IDs 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com and 110671459871-f3cq3okebd3jcg1lllmroqejdbka8cqq.apps.googleusercontent.com). Any Vercel customer whose environment variables were not explicitly marked 'sensitive'. Any organisation whose employees also install uncurated browser extensions or run game cheats on corporate devices (a pattern that keeps reappearing in infostealer cases).
Fix
In Google Workspace admin, search the OAuth app inventory for the two Context.ai client IDs above and revoke them from every user. On Vercel, audit and rotate every environment variable not marked 'sensitive' across every project, and going forward default-enable sensitive flags on new environment variables. Rotate Supabase, Datadog, and Authkit tokens that were ever accessible from a Context.ai-linked Google account. Pull 60 days of audit logs for each affected SaaS and look for impossible-travel sign-ins, new OAuth grants, and unexpected API-key creation. Block game-cheat and executor download domains at the corporate DNS layer and communicate the Roblox-script risk directly to staff.