20/04/2026
A Roblox cheat script just compromised one of the biggest platforms in tech.
Vercel, the company behind Next.js and the hosting backbone for thousands of web apps, confirmed a security breach on April 19, 2026. The attacker is demanding $2M for the stolen data.
How it happened: A Context.ai employee downloaded Roblox auto-farm scripts laced with the Lumma infostealer. The malware harvested their credentials, including Google Workspace, Supabase, Datadog, and Authkit logins. Those credentials gave the attacker access to a Vercel employee's Google Workspace account. From there, the attacker pivoted into Vercel's internal systems and accessed environment variables that weren't marked as "sensitive."
What was exposed: Customer environment variables (API keys, deployment configs) that were not encrypted at rest. Internal admin endpoints including environment variable management panels. The attacker, claiming affiliation with ShinyHunters, is selling the data on BreachForums.
Why this matters to every engineering team: Third-party AI tools are now a supply chain attack vector. One employee's compromised credentials can cascade into a platform-wide breach. "Sensitive" vs "non-sensitive" environment variable classification is now a critical security decision, not just a convenience toggle.
If your team uses third-party AI tools connected to internal systems, audit those integrations today. Review which environment variables are encrypted. Rotate credentials proactively.
The weakest link in your supply chain might not be your code. It might be the tools your team uses to write it.
Follow our page for daily threat intelligence.
