ADVERTISEMENT

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel, a cloud platform and maintainer of Next.js, a major web development framework, has been hacked, and hackers are selling access to credentials that could help pull off “the largest supply chain attack ever if done right.” An OAuth token, granting too many permissions, became a single point of failure.

vercel

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Apr 20, 2026 Updated: 21 April 2026 5 min read

What happened?

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
Has my data been leaked?

The scale of the incident at Vercel remains unclear

ADVERTISEMENT
OAuth
claims-on-telegram

It’s a mystery who’s behind the attack – the data was listed for sale

Check your OAuth apps and permissions, researchers warn


ADVERTISEMENT