Vercel Breach Wider Than First Thought, With Customer Data Stolen Before and After April Hack

This article was generated by AI and cites original sources.

App and website hosting company Vercel disclosed on Thursday that hackers accessed some customer data before its recently reported breach, suggesting the security incident is broader in scope and may have begun earlier than initially known.

In an update to its security incident page, San Francisco-based Vercel said it found evidence of malicious activity on its network that predates the early-April breach, uncovered after the company expanded its investigation. “We have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods,” the update states. The company also said it identified additional customer accounts compromised during the April incident, but did not disclose how many, saying only that affected customers have been notified.

Vercel originally said the breach began when an employee downloaded an app made by software startup Context AI, which hackers had already compromised. That gave attackers access to the employee’s work account and, subsequently, to Vercel’s internal systems — including customer credentials that were not encrypted.

Vercel CEO Guillermo Rauch confirmed on X that the hackers involved were active “beyond that startup’s compromise,” referring to Context AI, which confirmed its own earlier breach this week. Rauch pointed to early signs that the attackers used information-stealing malware — software that masquerades as legitimate applications and collects sensitive data such as passwords and private keys from infected computers. “Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” Rauch said.
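The log pattern Rauch describes (a burst of API calls that reads environment-variable listings across many projects) can be expressed as a sliding-window detection over API access logs. The following is an added example, not code from Vercel or from the original article; the log format, token names, URL paths and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <token id> <method> <path>".
# The path layout is hypothetical, not any vendor's real API.
SAMPLE_LOG = """\
2025-01-01T09:00:00 tok_ci GET /api/projects/web/env
2025-01-01T09:00:05 tok_ci POST /api/projects/web/deployments
2025-01-01T09:30:00 tok_dev GET /api/projects/docs/env
2025-01-01T09:30:02 tok_dev GET /api/projects/docs/env
2025-01-01T09:30:04 tok_dev GET /api/projects/docs/deployments
2025-01-01T11:00:00 tok_ops GET /api/projects
2025-01-01T11:00:01 tok_ops GET /api/projects/web/env
2025-01-01T11:00:02 tok_ops GET /api/projects/docs/env
2025-01-01T11:00:03 tok_ops GET /api/projects/shop/env
2025-01-01T11:00:04 tok_ops GET /api/projects/blog/env
2025-01-01T11:00:05 tok_ops GET /api/domains
2025-01-01T13:00:00 tok_ci GET /api/projects/web/env
"""

ENV_LIST = re.compile(r"^/api/projects/([^/]+)/env$")

def find_enumeration_bursts(lines, window=timedelta(seconds=60),
                            min_requests=6, min_env_projects=4):
    """Flag tokens that, within one window, make many calls and read
    env-var listings across many distinct projects. Input must be time-ordered."""
    recent = defaultdict(deque)   # token -> (time, project or None) in window
    alerts = {}
    for line in filter(str.strip, lines):
        ts_raw, token, method, path = line.split()
        ts = datetime.fromisoformat(ts_raw)
        hit = ENV_LIST.match(path) if method == "GET" else None
        q = recent[token]
        q.append((ts, hit.group(1) if hit else None))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        projects = {p for _, p in q if p}
        if (token not in alerts and len(q) >= min_requests
                and len(projects) >= min_env_projects):
            alerts[token] = {"window_start": q[0][0], "requests": len(q),
                             "env_projects": sorted(projects)}
    return alerts

if __name__ == "__main__":
    for token, detail in find_enumeration_bursts(SAMPLE_LOG.splitlines()).items():
        print(token, detail)
```

Requiring both request volume and breadth across projects keeps a CI token that repeatedly reads one project's variables from alerting; the thresholds need tuning against a baseline of normal per-token behaviour.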

Rauch’s comments appear to align with earlier reporting by security researchers that a Context AI employee’s computer was infected with infostealer malware after they allegedly searched for Roblox game cheats. TechCrunch also reported that Delve, a compliance startup accused of faking customer data, had performed the security certifications for Context AI.

A Vercel spokesperson declined to comment beyond the incident page update and would not confirm how many customers are now affected or how far back the earlier compromise dates. Both Vercel and Context AI have indicated the breach may affect additional companies, and that more victims could emerge.

Source: TechCrunch