Vercel's CEO Guillermo Rauch has attributed a recent security breach to a compromised employee account linked to Context.ai, with attackers suspected of using AI to move with unusual speed and precision. The intrusion began with a Lumma infostealer infection in February that lifted corporate credentials, followed by OAuth abuse to access Vercel's Google Workspace and environment variables. Vercel says customer data is encrypted at rest but non-sensitive environment variables were exposed. The company believes the number of affected customers is limited and has engaged Mandiant for incident response. Meanwhile, stolen data including API keys, deployment credentials, GitHub and npm tokens is reportedly being sold on BreachForums for $2 million, though Vercel confirmed no npm packages were compromised.