Comment by BrianneLee011
3 hours ago
The real story isn't Vercel. It's that a Context.ai employee got infostealer'd in February and four months later that single compromise propagated through an 'Allow All' Google Workspace OAuth grant into Vercel's env vars. This is less a Vercel incident and more the chronic OAuth-supply-chain problem finally surfacing somewhere visible.
How do you go from a Google Workspace to production env vars without Vercel doing something wrong?
Where did you see that a Context employee had credentials stolen in February? I haven't run into that particular data point.
Not just into Vercel's env vars, but into Vercel's customer's env vars.