Nº 025 CYBERSECURITY · 29 APR 2026 · 4 MIN READ

A Game Download Started a Chain That Ended at Vercel Customer Data.

The Vercel/Context.ai breach didn't start with a phishing email or a zero-day. It started with a Vercel employee downloading a cracked game. What followed is a masterclass in modern supply chain attacks.


The Vercel breach that went public on April 19th was attributed to ShinyHunters, the same group behind the Ticketmaster and Snowflake attacks in recent years. The data was listed for sale at $2 million. But the part of this story that’s not getting enough coverage is how the attack actually started — because it didn’t begin with a sophisticated zero-day or a spear-phishing email crafted by AI. It began with a Vercel employee downloading a cracked game.

That’s the full chain: game exploit download → Lumma Stealer malware installed on personal device → Google Workspace credentials harvested → Context.ai’s customer support account accessed via those credentials → OAuth token belonging to a Vercel employee obtained through Context.ai’s support panel → Vercel customer data exfiltrated. ShinyHunters didn’t find a hole in Vercel’s infrastructure. They found a hole in a vendor’s infrastructure, accessed through a personal device that was never supposed to be part of the attack surface. Mandiant was engaged. The investigation is ongoing.

This attack chain is textbook 2026 threat methodology, and it’s worth walking through each link because that’s where the lessons are.

The cracked game download is step one, and it’s the most human part of the whole thing. Lumma Stealer is an infostealer that’s been circulating since 2022 and has evolved into a highly capable credential harvesting tool. It specifically targets browser-stored credentials, cryptocurrency wallets, and session tokens — the exact things a software engineer’s personal machine is likely to have in abundance. The malware gets distributed through “free” software, game cracks, pirated tools — anything that attracts downloads without scrutiny. You don’t need to trick a sophisticated security engineer with a clever email. You need them to download something outside their work environment, on a device that isn’t under corporate MDM, and the rest follows.

The jump from a personal device to Google Workspace credentials is where it gets more interesting. Lumma Stealer targets browser-saved passwords and active session tokens, which means it doesn’t necessarily need the plaintext password — it can steal a valid session that bypasses multi-factor authentication entirely. If the Vercel employee was logged into their work Google account on the compromised device, the attacker now has access without ever triggering an MFA challenge. This is one of the ways modern infostealers have made MFA less protective than it used to be, and it’s why “just enable MFA” is no longer the conversation stopper it was in 2019.
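A detection sketch for the session-theft step described above, added here as an illustration and not taken from Vercel's, Google's or Mandiant's tooling: it binds each session to the network and client seen when MFA was passed, then flags later use of the same session from a different context. The event fields, session IDs and log records are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # epoch seconds
    user: str
    session_id: str
    kind: str        # "mfa_login" (challenge passed) or "request"
    asn: int         # autonomous system the traffic came from
    ua: str          # client user-agent string

# Constructed sample log; none of these values come from the incident.
SAMPLE_EVENTS = [
    Event(1000, "dev@example.com", "s-1", "mfa_login", 64500, "Chrome/124 macOS"),
    Event(1060, "dev@example.com", "s-1", "request", 64500, "Chrome/124 macOS"),
    Event(1200, "ops@example.com", "s-2", "mfa_login", 64501, "Firefox/125 Linux"),
    Event(1300, "ops@example.com", "s-2", "request", 64501, "Firefox/125 Linux"),
    # Same session cookie, different network and platform, no new MFA event.
    Event(5000, "dev@example.com", "s-1", "request", 64999, "Chrome/124 Windows"),
    # Session the identity provider never saw pass an MFA challenge.
    Event(7000, "qa@example.com", "s-9", "request", 64502, "curl/8"),
]

def find_replayed_sessions(events):
    """Return (session_id, user, reason, ts) for sessions used outside
    the context in which their MFA challenge was completed."""
    bound = {}       # session_id -> (asn, ua) recorded at MFA time
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        ctx = (ev.asn, ev.ua)
        if ev.kind == "mfa_login":
            bound[ev.session_id] = ctx          # fresh challenge rebinds the session
        elif ev.session_id not in bound:
            findings.append((ev.session_id, ev.user, "no_mfa_on_record", ev.ts))
        elif bound[ev.session_id] != ctx:
            # MFA proved the user once; it says nothing about this client.
            findings.append((ev.session_id, ev.user, "context_changed", ev.ts))
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

A roaming laptop will also trip `context_changed`, so the practical response to a finding is a step-up MFA challenge or session revocation rather than a hard block.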



The pivot through Context.ai is where supply chain attacks reach their full sophistication. Context.ai is a customer data platform — it’s the kind of tool that has legitimate access to customer records because that’s what it’s built to handle. A customer support account at a company like Context.ai doesn’t look like a high-value target from the outside. It’s not storing source code or payment data in the obvious sense. But it has access to customer identity data, account details, and — critically — the kind of OAuth integration tokens that let it talk to the services it supports on behalf of those services’ teams.

An OAuth token issued by Vercel to Context.ai for support purposes is, from Vercel’s authentication system’s perspective, a legitimate and authorized credential. When that token gets stolen, the attacker isn’t bypassing Vercel’s security. They’re walking through the front door with a key that Vercel itself issued. The attack is real, the damage is real, but the path in looks authorized at every step.


The $2 million asking price is almost secondary to the method. What ShinyHunters demonstrated here is a playbook: identify a target’s third-party vendors, find the weakest authentication link in those vendor relationships, and compromise it through a vector that has nothing to do with the target’s own security posture. The Vercel breach isn’t evidence that Vercel’s security team was negligent. It’s evidence that modern software supply chains are attack surfaces that extend far beyond any single company’s control perimeter.

The implications aren’t complicated, even if they’re hard to act on. Every OAuth token your company has issued to a vendor is a potential entry point if that vendor’s credentials are compromised. Every support platform that has access to customer data is a lateral movement opportunity. Personal devices used for any work activity are endpoints, even if they’re not enrolled in your MDM. None of this is new information for security teams — but Vercel via Context.ai via Lumma Stealer via a game crack is a clean, real-world demonstration of how these attack surfaces actually get exploited.
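One way to act on the first of those points is to keep an inventory of vendor OAuth grants and review it on a schedule. The following is an added example, not code from Vercel or Context.ai; the vendor names, scope names, thresholds and grant records are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 4, 29, tzinfo=timezone.utc)   # fixed so results are reproducible
MAX_AGE = timedelta(days=90)     # assumed rotation window
MAX_IDLE = timedelta(days=30)    # assumed "still in use" window
BROAD_SCOPES = {"admin", "read:all", "write:all"}  # hypothetical scope names

def day(s):
    """Parse a YYYY-MM-DD string as a UTC timestamp."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed inventory of tokens issued to third-party vendors.
GRANTS = [
    {"vendor": "support-platform", "scopes": {"read:all", "write:all"},
     "issued": day("2025-06-01"), "last_used": day("2026-04-28"), "expires": None},
    {"vendor": "status-page", "scopes": {"read:deployments"},
     "issued": day("2026-03-15"), "last_used": day("2026-04-27"),
     "expires": day("2026-06-13")},
    {"vendor": "old-analytics", "scopes": {"read:logs"},
     "issued": day("2026-02-20"), "last_used": day("2026-02-21"),
     "expires": day("2026-08-20")},
]

def audit_grant(grant):
    """Return the reasons a single vendor grant needs review."""
    reasons = []
    if grant["scopes"] & BROAD_SCOPES:
        reasons.append("broad_scope")      # more access than a support task needs
    if grant["expires"] is None:
        reasons.append("no_expiry")        # a stolen copy stays valid indefinitely
    if NOW - grant["issued"] > MAX_AGE:
        reasons.append("not_rotated")
    if NOW - grant["last_used"] > MAX_IDLE:
        reasons.append("idle")             # unused grants are pure exposure
    return reasons

def audit(grants):
    """Map vendor -> reasons, worst first, omitting clean grants."""
    report = {g["vendor"]: audit_grant(g) for g in grants}
    ranked = sorted(report.items(), key=lambda kv: -len(kv[1]))
    return {vendor: reasons for vendor, reasons in ranked if reasons}

if __name__ == "__main__":
    for vendor, reasons in audit(GRANTS).items():
        print(vendor, reasons)
```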

The next few months will likely surface more details about what was actually taken and who was affected. Mandiant’s involvement suggests the investigation is being taken seriously. But the most important thing to take from this right now — before the post-mortem, before the security recommendations, before the lawsuits — is the starting point. A cracked game. That’s the gap that opened this door.
