App and website hosting giant Vercel on Thursday said hackers accessed some of its customers’ data before the company discovered the recent data breach, suggesting that this incident may have broader security implications than initially known.
In an update to the security events page, Vercel said it had detected evidence of malicious activity on its network before the breach in early April, after expanding its initial investigation.
“We have uncovered a small number of customer accounts with evidence of prior compromise that is independent and predates this event, possibly as a result of social engineering, malware, or other methods,” the update says.
Vercel also said it had discovered more customer accounts compromised since the April incident, but did not disclose details, saying only that it had notified customers known to be affected so far.
The San Francisco-based app and website hosting company initially said its internal systems were breached after an employee downloaded an app created by software startup Context AI, which hackers exploited to gain access to the employee’s work account and then to Vercel’s systems.
The new update suggests that the data breach may be more extensive and could have lasted longer than first thought.
In a post on X, Vercel CEO Guillermo Rauch confirmed that the hackers who breached Vercel were active “beyond the compromise of this startup,” referring to Context AI, which confirmed an earlier breach of its systems in a post this week.
A spokesperson for Vercel declined to comment beyond the update on the incident page. The spokesperson would neither confirm how many customers are now affected by the breach, nor say how far back the second compromise dates.
Vercel has yet to confirm how the hackers broke into its systems, but Rauch pointed to early signs that the hackers were relying on malware that undermines computers “in search of valuable tokens such as keys to Vercel accounts and other providers.”
Rauch may be referring to information-stealing malware, or infostealers, which often masquerade as legitimate software. Once installed, the malware collects and uploads sensitive secrets from the victim’s computer, including passwords and other private keys, allowing hackers to enter any system that those keys allow access to.
“Once the attacker gets hold of these keys, our logs show a recurring pattern: rapid and comprehensive API usage, with an emphasis on enumerating insensitive environment variables,” Rauch said.
The hackers used the compromised Vercel employee’s account to gain access to some of the company’s internal systems, including customer credentials that were not encrypted.
Rauch’s comments seem to add weight to previous reports from security researchers that a Context AI employee’s computer was infected with infostealer malware after they allegedly searched for Roblox game cheats. TechCrunch reported Thursday that compliance startup Delve, which has been accused of falsifying customer data, has completed security certifications for Context AI.
It is not yet known how many customers are affected by the Vercel breaches and the theft of customer data. Both Vercel and Context AI have suggested that the breach may affect more companies and that more victims may come to light.
