Hacker News
Vercel Breach Traced to Roblox Cheat Malware → Context.ai Employee → OAuth Takeover — Supply Chain Attack Case Study
A Vercel security incident traced back to a Context.ai employee who downloaded Roblox cheat scripts infected with Lumma stealer malware in February 2026, which compromised their credentials. The attacker used that access to take over the employee's Vercel Google Workspace account, gaining access to some Vercel environments and non-sensitive environment variables. ShinyHunters claimed responsibility, seeking $2M for stolen data. The 176-point HN story (91 comments) is a textbook supply-chain cascade: game exploit malware → third-party AI tool credentials → major cloud platform — demonstrating how agentic AI tools with broad OAuth scopes create new attack surfaces.
Source
↳ Follow the thread