The Vercel breach wasn't some zero-day masterpiece. An employee clicked "Allow" on an OAuth prompt — the same button you and I mash dozens of times a month without reading a single line.
Let me walk you through why this one haunts me.
What Actually Happened
Lumma Stealer malware on a Context.ai employee's machine harvested that employee's credentials. Among them was an OAuth token from Context.ai's Google Workspace integration, which was connected to Vercel's systems.
Here's the brutal part: that OAuth token persisted. It didn't expire when the session ended. It sat there, valid and waiting, and attackers used it to move laterally into Vercel's infrastructure.
The breach went undetected from roughly June 2024 to April 2026. Almost two years of access. Not because Vercel's security team was asleep, but because a granted OAuth token is built to work silently: no prompt, no re-login, nothing for the user to notice.
You Have This Exact Problem Right Now
Open your GitHub settings. Go to "Applications." Count the OAuth grants.
I'll wait.
I carried out this process the previous week and saw apps that were given permission to access my repos three years ago. Some of them were unrecognizable to me. Every one of them poses an attack surface that I had forgotten about.
Here's what makes OAuth dangerous:
→ You grant access once and forget forever
→ Tokens often outlive the reason you created them
→ A compromised third-party app becomes a backdoor to your systems
→ Most teams have zero process for auditing existing grants
The Vercel hack didn't originate from Vercel's systems. It started at a third-party tool that had a persistent token. This is the scenario that should make you afraid.
Why Detection Took Almost Two Years
OAuth tokens don't behave like stolen passwords. There are no failed login attempts. No brute force. No login from a suspicious new location, because there is no login at all: the token is presented directly with every request.
A valid token making valid API calls looks identical to normal traffic. Your monitoring sees it and has no rule that fires. The attacker's requests look like the integration acting on behalf of the employee who originally granted access. 🔓
This is the foundational flaw in how we've been conditioned to think about OAuth. We treat the "Allow" click as an authentication event, but it's actually an authorization delegation, one we almost never revisit.
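That said, a valid token is not completely silent. Each call still arrives from some network with some client, and a grant that has been quiet for weeks and then wakes up from an address it has never used is exactly the shape of the story above. The check below is an added example (my own code, not anything from the original post, Vercel or Context.ai): it learns, per user-and-app grant, the source networks and user agents seen in a vetted window of token-usage logs, then flags later calls that come from both a new network and a new client, or that reactivate a dormant grant. The JSON-lines log format and every entry in it are constructed for the example; map the fields to whatever your API gateway or IdP actually emits.

```python
"""Per-grant baseline detection over OAuth token usage logs.

Added example, not code from the original post. Assumes your gateway or IdP
logs each token-authenticated call with the user, the OAuth client the token
belongs to, the source IP and the User-Agent. The log shape, the field names
and every line in SAMPLE_LOG are constructed for the example.
"""
from __future__ import annotations

import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: alice's CI integration ("1001") calls from her office /24
# every morning for weeks; then the same token is used from a fresh network
# with a different client. bob's grant ("1004") behaves normally throughout.
SAMPLE_LOG = "\n".join([
    '{"ts":"2024-05-01T09:05:00Z","user":"alice@example.com","client_id":"1001","ip":"203.0.113.10","ua":"ci-deploy-bot/2.3","action":"repo.read"}',
    '{"ts":"2024-05-02T09:07:00Z","user":"alice@example.com","client_id":"1001","ip":"203.0.113.11","ua":"ci-deploy-bot/2.3","action":"repo.read"}',
    '{"ts":"2024-05-03T09:06:00Z","user":"alice@example.com","client_id":"1001","ip":"203.0.113.10","ua":"ci-deploy-bot/2.3","action":"repo.read"}',
    '{"ts":"2024-05-04T09:04:00Z","user":"alice@example.com","client_id":"1001","ip":"203.0.113.12","ua":"ci-deploy-bot/2.4","action":"repo.read"}',
    '{"ts":"2024-05-10T14:00:00Z","user":"bob@example.com","client_id":"1004","ip":"203.0.113.40","ua":"code-review-tool/1.0","action":"repo.read"}',
    '{"ts":"2024-06-05T14:10:00Z","user":"bob@example.com","client_id":"1004","ip":"203.0.113.41","ua":"code-review-tool/1.0","action":"repo.read"}',
    '{"ts":"2024-06-20T03:41:00Z","user":"alice@example.com","client_id":"1001","ip":"198.51.100.77","ua":"python-requests/2.31","action":"repo.read"}',
    '{"ts":"2024-06-20T03:42:00Z","user":"alice@example.com","client_id":"1001","ip":"198.51.100.77","ua":"python-requests/2.31","action":"repo.list"}',
])


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_events(log_text: str) -> list[dict]:
    """Parse JSON lines, attach the /24 each call came from, sort by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = parse_ts(ev["ts"])
        # /24 grouping is an assumption: widen it for clients on cloud ranges.
        ev["prefix"] = str(ipaddress.ip_network(f'{ev["ip"]}/24', strict=False))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events: list[dict], cutoff: datetime) -> dict:
    """Learn, per (user, client_id), the networks, user agents and last activity
    from events BEFORE cutoff only. Later traffic never feeds the baseline, so
    an attacker cannot warm it up by using the stolen token first."""
    base = defaultdict(lambda: {"prefixes": set(), "uas": set(), "last_seen": None})
    for e in events:
        if e["ts"] >= cutoff:
            continue
        b = base[(e["user"], e["client_id"])]
        b["prefixes"].add(e["prefix"])
        b["uas"].add(e["ua"])
        b["last_seen"] = e["ts"]  # events are sorted, so this ends as the latest
    return base


def detect(events: list[dict], baseline: dict, cutoff: datetime,
           dormant_days: int = 30) -> list[dict]:
    """Flag calls at/after cutoff that a stolen, long-lived token would produce."""
    alerts = []
    last_seen = {k: v["last_seen"] for k, v in baseline.items()}
    for e in events:
        if e["ts"] < cutoff:
            continue
        key = (e["user"], e["client_id"])
        reasons = []
        b = baseline.get(key)
        if b is None:
            reasons.append("grant_never_seen_in_baseline")
        else:
            # Both the network AND the client are new: a new runner in the same
            # office range or a client version bump alone stays quiet.
            if e["prefix"] not in b["prefixes"] and e["ua"] not in b["uas"]:
                reasons.append("new_source")
            prev = last_seen.get(key)
            if prev is not None and e["ts"] - prev > timedelta(days=dormant_days):
                reasons.append("dormant_reuse")
        last_seen[key] = e["ts"]
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "client_id": e["client_id"], "ip": e["ip"],
                           "reasons": reasons})
    return alerts


def run_detection(log_text: str, cutoff_iso: str, dormant_days: int = 30) -> list[dict]:
    events = load_events(log_text)
    cutoff = parse_ts(cutoff_iso)
    return detect(events, build_baseline(events, cutoff), cutoff, dormant_days)


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOG, "2024-06-01T00:00:00Z"):
        print(alert)
```

On the constructed log this raises two alerts, both for alice's token from 198.51.100.77: the first carries both new_source and dormant_reuse (47 days of silence, then a new network and a new client), the second only new_source. bob's call from a new host in the same /24 with the same client stays quiet, which is the point of requiring both signals. The 30-day dormancy threshold and the /24 grouping are assumptions to tune per integration; a quarterly-report app needs a longer window, and CI runners that rotate through a cloud range need a wider block.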
What I Changed After Reading About This
I reviewed every OAuth connection of every service I subscribe to—GitHub, Vercel, Slack, Notion, you name it. Revoked anything I didn't actively utilize in the last 90 days. Took me 20 minutes. I was pretty damn surprised at how much privilege I'd handed around.
For our team, we made three modifications:
→ Quarterly OAuth grant audits are now on the calendar
→ Any new third-party integration needs a written justification (even a one-liner in Slack counts)
→ We set calendar reminders to revisit grants after 90 days
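To turn the grant count from the "Applications" page and the 90-day rule above into something a script can run every quarter, here is an added example (my own code, not the post's or any vendor's). It assumes you have exported the grants to JSON with the fields shown, for instance from your IdP's admin API or a console export; the field names, the high-risk scope list and the four sample grants are constructed for the example.

```python
"""Quarterly stale-OAuth-grant audit over an exported grant list.

Added example; not code from the original post, Vercel or Context.ai.
Input is a JSON export of grants with the fields shown below. The field
names, the risk-scope list and the four sample grants are assumptions made
for the example; map them onto what your IdP's admin API actually returns.
"""
from __future__ import annotations

import json
from datetime import datetime, timedelta

# Scopes that let a token read or change code and data. A stale grant holding
# one of these is a standing backdoor, so it sorts to the top of the report.
# (Assumed list; extend it with the scopes that matter in your environment.)
HIGH_RISK_SCOPES = {
    "repo",                                            # GitHub: read/write all repos
    "admin:org",                                       # GitHub: manage the org
    "https://www.googleapis.com/auth/drive",           # Google: full Drive access
    "https://www.googleapis.com/auth/gmail.readonly",  # Google: read all mail
}

# Constructed export (not real data): two users, four third-party apps.
SAMPLE_EXPORT = json.dumps([
    {"user": "alice@example.com", "app": "ci-deploy-bot", "client_id": "1001",
     "scopes": ["repo"],
     "granted": "2021-03-02T10:00:00Z", "last_used": "2024-05-30T08:12:00Z"},
    {"user": "alice@example.com", "app": "notes-sync", "client_id": "1002",
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "granted": "2022-11-14T09:30:00Z", "last_used": None},
    {"user": "bob@example.com", "app": "calendar-widget", "client_id": "1003",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "granted": "2024-05-20T12:00:00Z", "last_used": "2024-06-01T07:00:00Z"},
    {"user": "bob@example.com", "app": "code-review-tool", "client_id": "1004",
     "scopes": ["repo", "read:org"],
     "granted": "2024-01-05T12:00:00Z", "last_used": "2024-06-20T17:45:00Z"},
])


def parse_ts(value: str | None) -> datetime | None:
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_grants(export_json: str, now_iso: str, max_idle_days: int = 90) -> list[dict]:
    """Return the grants to revoke, most dangerous first.

    A grant is stale when it has not been used for max_idle_days, or has never
    been used at all and was granted longer ago than that. Stale grants with a
    high-risk scope come first, then the longest-idle ones.
    """
    now = parse_ts(now_iso)
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for g in json.loads(export_json):
        last_used = parse_ts(g.get("last_used"))
        last_activity = last_used or parse_ts(g["granted"])
        if last_activity > cutoff:
            continue  # used (or created) recently: keep it
        findings.append({
            "user": g["user"],
            "app": g["app"],
            "client_id": g["client_id"],
            "idle_days": (now - last_activity).days,
            "never_used": last_used is None,
            "high_risk_scopes": sorted(set(g["scopes"]) & HIGH_RISK_SCOPES),
        })
    findings.sort(key=lambda f: (not f["high_risk_scopes"], -f["idle_days"]))
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_EXPORT, "2024-09-01T00:00:00Z"):
        print(finding)
```

Run against the constructed export on 2024-09-01, it lists notes-sync first (granted in 2022, never used, full Drive scope), then ci-deploy-bot (93 days idle with repo write), then calendar-widget (idle but read-only); code-review-tool was used in the last 90 days and is kept. The output is the revoke list for the quarterly review; a grant that is never used is the cheapest one to kill, and the idle-with-high-risk-scope rows are the ones to revoke the same day rather than wait for the meeting.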
This isn't ground-breaking or anything. That's the point really. The breach wasn't subtle. The remedy doesn't need to be either. 🛡️
The Real Takeaway
Vercel didn't get breached because they were slapdash about security. They got breached because OAuth's trust model assumes the third party stays secure forever. That assumption is wrong, and every one of us is making it right now.
The "Allow" button is the most dangerous UI element in modern development. Not because it's malicious — but because it's forgettable.
Go check your OAuth grants today. Seriously, right now. How many did you find that you'd completely forgotten about? 👇