Vercel Breach Exposes Frontend API Keys—$2 Million Worth of Secrets Up for Sale

A Vercel security incident, triggered by a compromised third‑party AI tool, exposed dozens of plaintext environment variables—including database URLs and API keys—prompting a $2 million underground sale rumor and a detailed six‑step remediation guide for frontend developers.

Node.js Tech Stack

Vercel announced a security incident in which unauthorized actors accessed internal systems, affecting a limited subset of customers. The breach shocked the frontend community because Vercel hosts many Next.js, SvelteKit, Nuxt, Astro, and Remix projects.

Attack chain

The attackers first compromised a third‑party AI tool called Context.ai. An employee had granted this tool OAuth access to their Google Workspace account, allowing the attackers to hijack that account, enter Vercel’s internal environment, and retrieve environment variables that were not marked as "Sensitive".

110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

Vercel published this OAuth application ID and urged Google Workspace administrators to check for any authorizations of the app.

Data leaked

The breach exposed only non‑sensitive environment variables, but these included critical secrets such as:

DATABASE_URL – full database access

OPENAI_API_KEY – potentially thousands of dollars in OpenAI charges

STRIPE_SECRET_KEY – ability to initiate fraudulent payments

RESEND_API_KEY – could be used to send phishing emails from the domain

GITHUB_TOKEN – read/write access to private repositories and CI configurations

Most developers had not enabled the "Sensitive" flag for these variables, leaving them in plaintext.

"$2 Million for sale" rumor

Community chatter claimed the leaked data were being packaged and sold on underground forums for about $2 million. Vercel did not confirm or deny the figure, but some customers received security‑notice emails indicating possible credential exposure.

Six recommended remediation steps

Review account audit logs for unknown IPs, unexpected project actions, or token usage.

Rotate all non‑Sensitive environment variables and regenerate keys for databases, third‑party APIs, authentication secrets, and storage services.

When adding new variables, always enable the "Sensitive" option to encrypt them.

Inspect recent deployment records for unauthorized builds and roll back if necessary.

Set Deployment Protection to at least Standard (or higher for paid plans).

Rotate any Deployment Protection bypass tokens used by CI or third‑party tools.

Additional actions for Google Workspace admins

Log into the Google Workspace admin console.

Navigate to Security → Access and data control → API controls → Manage Third‑Party App Access.

Search for the OAuth client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj and revoke its access.

Force affected users to change passwords, re‑enable two‑factor authentication, and review email forwarding rules.
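The two audits described above (the Vercel rotation steps and the Workspace revocation steps) can be scripted against exported metadata. The following is an added example, not code from the article or from Vercel: the input JSON is constructed, and the field names ("envs", "type" with the value "sensitive", "items", "userKey", "clientId", "scopes") are assumptions modelled on the Vercel project environment-variable and Google Admin SDK tokens.list response shapes.

```python
"""Flag secret-looking Vercel variables not stored as Sensitive, and find
Workspace users who granted the published OAuth client ID."""
import json
import re

# Heuristic: credential-style names (constructed pattern for this example).
SECRET_NAME_RE = re.compile(r"(_KEY|_SECRET|_TOKEN|_PASSWORD|DATABASE_URL|_DSN)$", re.I)
# Client ID published by Vercel; the ".apps.googleusercontent.com" suffix is optional.
FLAGGED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj"

VERCEL_ENV_EXPORT = json.dumps({"envs": [  # constructed sample; field names assumed
    {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
    {"key": "OPENAI_API_KEY", "type": "encrypted", "target": ["production", "preview"]},
    {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
    {"key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production"]},
    {"key": "GITHUB_TOKEN", "type": "plain", "target": ["development"]},
]})

WORKSPACE_TOKENS = json.dumps({"items": [  # constructed sample; field names assumed
    {"userKey": "alice@example.com", "displayText": "Context.ai",
     "clientId": FLAGGED_CLIENT_ID + ".apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/"]},
    {"userKey": "bob@example.com", "displayText": "Calendar sync",
     "clientId": "999999999999-other.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
]})

def looks_like_secret(name):
    """Credential-style suffix, and not a public build-time variable."""
    return bool(SECRET_NAME_RE.search(name)) and not name.startswith("NEXT_PUBLIC_")

def unprotected_secrets(export_json):
    """Map each secret-looking variable not marked Sensitive to the targets to rotate."""
    envs = json.loads(export_json)["envs"]
    return {e["key"]: sorted(e.get("target", [])) for e in envs
            if looks_like_secret(e["key"]) and e.get("type") != "sensitive"}

def users_who_granted(tokens_json, client_id=FLAGGED_CLIENT_ID):
    """Return users whose OAuth grants include the flagged client, with granted scopes."""
    items = json.loads(tokens_json)["items"]
    return {t["userKey"]: t.get("scopes", []) for t in items
            if t["clientId"].split(".")[0] == client_id.split(".")[0]}

if __name__ == "__main__":
    for name, targets in unprotected_secrets(VERCEL_ENV_EXPORT).items():
        print(f"ROTATE {name} (not Sensitive) in: {', '.join(targets)}")
    for user, scopes in users_who_granted(WORKSPACE_TOKENS).items():
        print(f"REVOKE {FLAGGED_CLIENT_ID} for {user}; scopes: {', '.join(scopes)}")
```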

Implications for the frontend ecosystem

The incident shows how the rapid adoption of AI tools creates a supply‑chain risk: a single OAuth permission can become a domino that compromises an entire project's secrets. Frontend engineers often hold admin rights to GitHub, Vercel, Google Workspace, and production databases, making them a high‑value target if they install a vulnerable AI tool.

Beyond the immediate fix, teams should maintain an inventory of AI tools and their granted OAuth scopes, auditing them regularly.

Final takeaways

Spend half an hour rotating all Vercel environment variables and marking new ones as Sensitive.

Revoke unnecessary third‑party OAuth authorizations in Google Workspace.

Share this analysis with teammates to trigger a coordinated self‑audit.

Establish a long‑term process to track AI tool permissions as critical assets.

The Vercel breach is unlikely to be the last supply‑chain‑related security event, and developers must treat OAuth permissions with the same rigor as code and infrastructure.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.