
Vercel said some of its customers’ data had been stolen prior to the recent hack.


App and website hosting giant Vercel said on Thursday that hackers accessed some customer data before the company discovered its latest data breach, suggesting the incident may have broader security implications than initially realized.

In an update to its security incidents page, Vercel said it had expanded its initial investigation and identified evidence of malicious activity on its network prior to the breach in early April.

“We have discovered a small number of customer accounts that are unrelated to this incident and have evidence of prior compromise that preceded this incident, potentially as a result of social engineering, malware, or other methods,” the update says.

Vercel also said it discovered more customer accounts had been compromised as a result of the April incident, but did not provide further details, only saying it had notified customers known to have been affected so far.

The San Francisco-based app and website hosting company said its internal systems were breached after an employee downloaded an app created by software startup Context AI. The app was exploited by hackers to access employees’ work accounts and later access Vercel’s systems.

The new update suggests the data breach may be larger in scope and longer lasting than initially thought.

Vercel CEO Guillermo Rauch confirmed in a post about

A Vercel spokeswoman declined to comment following the update to the incident page. They would not confirm how many customers the current breach affects, nor would they say how old the second compromise was.

Vercel has not yet confirmed how the hackers broke into its systems, but Rauch pointed to early indications that the hackers relied on malware to compromise computers “to find valuable tokens, such as keys to Vercel accounts and other providers.”

Rauch may be referring to infostealers, information-stealing malware that often masquerades as legitimate software. Once installed, the malware collects and uploads sensitive secrets, including passwords and private keys, from the victim’s computer, allowing hackers to enter any system those secrets give access to.

“Once an attacker obtains those keys, our logs show a recurring pattern of rapid, comprehensive API usage with a focus on enumerating non-sensitive environment variables,” Rauch said.
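The pattern Rauch describes, one key suddenly listing environment variables across many projects, can be hunted for in API audit logs. The following is an added example, not code from the article or from Vercel; the event schema, action names, token names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit events: (timestamp, token id, action, project).
# Hypothetical schema for illustration, not Vercel's actual log format.
SAMPLE_EVENTS = (
    # CI token polling one project often: high rate, but no breadth.
    [("2024-01-01T09:00:%02d" % s, "tok_ci", "env.list", "proj-web")
     for s in range(0, 20, 2)]
    # Developer token touching two projects 35 minutes apart.
    + [("2024-01-01T09:05:00", "tok_dev", "env.list", "proj-api"),
       ("2024-01-01T09:40:00", "tok_dev", "env.list", "proj-docs"),
       ("2024-01-01T09:41:00", "tok_dev", "deploy.create", "proj-docs")]
    # Token sweeping six different projects in ten seconds.
    + [("2024-01-01T11:30:%02d" % (2 * i), "tok_stolen", "env.list", "proj-%d" % i)
       for i in range(6)]
)


def find_enumeration_bursts(events, window=timedelta(seconds=60), min_projects=5):
    """Flag tokens that list env vars for many distinct projects in a short window.

    Returns {token: largest number of distinct projects seen inside one window}
    for every token that reached min_projects.
    """
    recent = defaultdict(deque)  # token -> (timestamp, project) pairs still in window
    flagged = {}
    for ts_raw, token, action, project in sorted(events):
        if action != "env.list":
            continue  # only environment-variable listing calls matter here
        ts = datetime.fromisoformat(ts_raw)
        q = recent[token]
        q.append((ts, project))
        # Drop calls that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        # Breadth (distinct projects), not raw request count, is the signal:
        # a busy CI job hits one project, a stolen key sweeps all of them.
        distinct = len({p for _, p in q})
        if distinct >= min_projects:
            flagged[token] = max(flagged.get(token, 0), distinct)
    return flagged


if __name__ == "__main__":
    for token, breadth in find_enumeration_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {token}: env vars listed for {breadth} projects within 60s")
```

Thresholds need tuning against each token's normal behaviour; a hit is a cue to revoke and rotate the key, then review what else it accessed.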

Hackers used hijacked Vercel employee accounts to access some of the company’s internal systems, including unencrypted customer credentials.

Rauch’s comments appear to add weight to previous reports by security researchers that a Context AI employee’s computer was infected with infostealer malware after the employee searched for Roblox game cheats.

It is not yet known how many customers are affected by the Vercel breach and the theft of customer data. Vercel and Context AI suggested the breach could affect more companies and reveal more victims.
