Vercel has disclosed that hackers accessed customer data before its previously reported early-April breach, suggesting the incident is broader in scope than initially known. The company found evidence of prior compromise on a small number of customer accounts, potentially via social engineering, malware, or other methods. Vercel CEO Guillermo Rauch indicated the attackers used infostealer malware to harvest tokens and API keys, then systematically enumerated environment variables. The initial breach was traced to an employee downloading an app from Context AI, whose systems were also compromised. Both companies have warned that more victims may emerge as investigations continue.
Sort: