Vercel, a leading app and website hosting provider, announced on Thursday that hackers accessed some customer data before the company detected its recent data breach, indicating the incident may have broader security implications. In an update on its security page, Vercel said that after broadening its investigation it found evidence of malicious activity on its network that predates the early-April breach.
“We have identified a few customer accounts with evidence of prior compromise independent of this incident, possibly due to social engineering, malware, or other methods,” the update stated. Vercel also discovered additional customer accounts compromised by the April incident but didn’t provide specifics, noting only that it had notified affected customers.
The San Francisco-based company initially reported its internal systems were breached after an employee downloaded an app by software startup Context AI, which hackers exploited to access the employee’s work account and, subsequently, Vercel’s systems. The new update suggests the breach could be larger and of longer duration than first believed.
In a post on X, Vercel CEO Guillermo Rauch confirmed the hackers have been active “beyond that startup’s compromise,” referring to Context AI, which confirmed a previous breach of its systems. A Vercel spokesperson declined to comment beyond the incident page update and did not specify how many customers are currently affected or the extent of the second compromise.
Vercel has yet to confirm how the hackers infiltrated its systems, but Rauch indicated early signs suggest the use of malware that compromises computers “in search of valuable tokens like keys to Vercel accounts and other providers.” Rauch may be alluding to infostealing malware, which can collect and upload sensitive data such as passwords from a victim’s computer.
“Once attackers get ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” Rauch noted. The hackers used a hijacked Vercel employee account to access some internal systems, including unencrypted customer credentials.
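One way a defender could look for the log pattern Rauch describes, written for this page as an added example and not taken from Vercel's tooling: it flags tokens whose environment-variable reads are both rapid and spread across many projects within a short window. The log schema, the `env.list` action name, the token names and the thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Hypothetical audit-log schema (not Vercel's): epoch seconds, token id,
# action name, project id. Thresholds are assumptions to tune per tenant.
WINDOW_S = 60        # sliding window length in seconds
MIN_CALLS = 20       # "rapid": env-var reads inside one window
MIN_PROJECTS = 8     # "comprehensive": distinct projects touched

def parse(line):
    """Parse 'ts=.. token=.. action=.. project=..' into a dict."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["ts"] = int(rec["ts"])
    return rec

def flag_enumeration(lines):
    """Return {token: (calls, projects)} for tokens whose env-var reads
    are both fast and broad within any WINDOW_S-second window."""
    windows = defaultdict(deque)   # token -> recent (ts, project) pairs
    flagged = {}
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec["action"] != "env.list":
            continue
        win = windows[rec["token"]]
        win.append((rec["ts"], rec["project"]))
        while win[0][0] <= rec["ts"] - WINDOW_S:   # expire old entries
            win.popleft()
        projects = {p for _, p in win}
        if len(win) >= MIN_CALLS and len(projects) >= MIN_PROJECTS:
            best = flagged.get(rec["token"], (0, 0))
            flagged[rec["token"]] = max(best, (len(win), len(projects)))
    return flagged

def sample_log():
    """Constructed sample: a CI token polling one project, a developer
    token browsing slowly, and a token sweeping 30 projects in 30 s."""
    lines = []
    for i in range(40):   # busy but narrow: one project, 40 reads in 40 s
        lines.append(f"ts={1000 + i} token=tok_ci action=env.list project=p0")
    for i in range(10):   # broad but slow: 10 projects over 45 minutes
        lines.append(f"ts={1000 + i * 300} token=tok_dev action=env.list project=p{i}")
    for i in range(30):   # fast and broad: 30 projects in 30 s
        lines.append(f"ts={2000 + i} token=tok_x action=env.list project=p{i}")
    lines.append("ts=2005 token=tok_x action=deploy.create project=p1")
    return lines

if __name__ == "__main__":
    for token, (calls, projects) in flag_enumeration(sample_log()).items():
        print(f"{token}: {calls} env reads across {projects} projects in {WINDOW_S}s")
```

Requiring both speed and breadth keeps a chatty CI token and a slowly browsing developer out of the results; a hit is a reason to rotate that token and review what it read.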
Rauch’s remarks reinforce earlier reports by security researchers that a Context AI employee’s computer was infected with infostealer malware after allegedly searching for Roblox game cheats. TechCrunch reported Thursday that compliance startup Delve, accused of fabricating customer data, performed security certifications for Context AI.
It’s not fully known how many customers are impacted by the Vercel breaches and data thefts. Both Vercel and Context AI suggest the breach might affect more companies, with more victims potentially emerging.
