alt Hacker NewsI believe this is inaccurate. Vercel env vars are all encrypted at rest (on their side). The 'sensitive' checkbox means you can't retrieve the value once it's set, which would have saved your ass in this case. Also, annoying to read an article like this without a single link to source material.
I think it's clear that some customers env vars got exposed, so that can only mean unencrypted, right?