Vercel’s Internal Systems Breach Expands to More Customers
Vercel has confirmed that the fallout from an attack on its internal systems has affected more customers than initially reported. The company, which provides cloud infrastructure and developer tools, including the widely used Next.js framework, maintains that only a “small number” of accounts were compromised. However, Vercel has not yet disclosed the exact number of affected accounts or the full scope of incidents linked to the breach.
Vercel CEO Guillermo Rauch stated in a post on X that the company and its partners analyzed nearly a petabyte of logs across the Vercel network and API. Their findings indicate that malicious activity extends beyond the initial attack, which originated at Context.ai, a third-party AI tool.
“Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers,” Rauch said. “Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables.”
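The pattern Rauch describes (a stolen key followed by rapid, broad enumeration of environment variables) is exactly the kind of signal a detection rule can be written against: a single credential that, within minutes, lists environment variables across far more projects than any developer or CI job would touch. The Python below is an added example written for this page; it is not code from Vercel, Mandiant or the article. The audit-log field names, the `/projects/{id}/env` path shape, the token identifiers and every log line are constructed assumptions, not Vercel's real API or logs.

```python
"""Flag API tokens that enumerate environment variables in a burst.

Assumed audit-log schema (one JSON object per line, constructed for this
example): ts, token, method, path, status. A token is flagged when, inside a
sliding time window, it lists env vars at least MIN_CALLS times across at
least MIN_PROJECTS distinct projects.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed path shape for an env-var listing call; not Vercel's documented API.
ENV_LIST_PATH = re.compile(r"^/projects/([^/]+)/env$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed benign activity: a developer checking one project, and a CI
# token reading three projects' env at deploy time over a few hours.
BENIGN_LINES = [
    '{"ts":"2025-04-02T09:00:01Z","token":"tok_dev01","method":"GET","path":"/projects/p1/env","status":200}',
    '{"ts":"2025-04-02T09:41:10Z","token":"tok_dev01","method":"POST","path":"/deployments","status":200}',
    '{"ts":"2025-04-02T10:15:33Z","token":"tok_dev01","method":"GET","path":"/projects/p1/env","status":200}',
    '{"ts":"2025-04-02T11:00:00Z","token":"tok_ci77","method":"GET","path":"/projects/p1/env","status":200}',
    '{"ts":"2025-04-02T12:30:00Z","token":"tok_ci77","method":"GET","path":"/projects/p2/env","status":200}',
    '{"ts":"2025-04-02T13:02:00Z","token":"tok_ci77","method":"GET","path":"/projects/p3/env","status":200}',
]


def constructed_burst(token="tok_stolen", n=40, start=datetime(2025, 4, 2, 14, 0, 0)):
    """Constructed attacker activity: one stolen token listing env vars for
    n distinct projects two seconds apart."""
    lines = []
    for i in range(n):
        ts = (start + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(json.dumps({"ts": ts, "token": token, "method": "GET",
                                 "path": f"/projects/p{i:03d}/env", "status": 200}))
    return lines


SAMPLE_LOG = "\n".join(BENIGN_LINES + constructed_burst())


def parse_lines(text):
    """Parse JSON-lines audit records, converting ts to datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
        events.append(rec)
    return events


def find_enumeration_bursts(events, window=timedelta(minutes=5),
                            min_calls=20, min_projects=10):
    """Per token, slide a time window over its env-listing calls and record the
    first window that reaches both the call and distinct-project thresholds."""
    per_token = defaultdict(list)
    for e in events:
        m = ENV_LIST_PATH.match(e["path"])
        if e["method"] == "GET" and m:
            per_token[e["token"]].append((e["ts"], m.group(1)))

    findings = {}
    for token, calls in per_token.items():
        calls.sort()  # logs may arrive out of order
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1
            span = calls[start:end + 1]
            projects = {p for _, p in span}
            if len(span) >= min_calls and len(projects) >= min_projects:
                findings[token] = {
                    "calls": len(span),
                    "projects": len(projects),
                    "first": span[0][0].strftime(TS_FMT),
                    "last": span[-1][0].strftime(TS_FMT),
                }
                break
    return findings


def run_detection(log_text=SAMPLE_LOG):
    return find_enumeration_bursts(parse_lines(log_text))


if __name__ == "__main__":
    for token, info in run_detection().items():
        print(f"ALERT token={token} env listings={info['calls']} "
              f"projects={info['projects']} {info['first']}..{info['last']}")
```

The thresholds are deliberately conservative: a CI pipeline that reads the env of a handful of projects per deploy stays well under them, while a stolen key sweeping every project an account can see crosses them within seconds. In practice the rule would also join on token age and source address, since a freshly minted or rarely used key producing its first burst from a new network is a stronger signal than volume alone.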
The attack highlights the risks posed by interconnected systems that rely on OAuth tokens, trusted relationships, and overly privileged permissions. Munish Walther-Puri, head of critical digital infrastructure at TPO Group, emphasized the role of trust in the breach, stating,
“The real vulnerability was trust, not technology. OAuth turned a productivity app into a backdoor. Every AI tool an employee connects to their work account is now a potential attack surface.”
An attacker reportedly traversed Vercel’s internal systems to steal and decrypt customer data, including environment variables, creating significant downstream risk for the customers whose secrets were exposed. Vercel attributes the initial compromise to Context.ai, a third-party AI tool used by one of its employees.
Malware Infection Linked to Context.ai Employee’s Computer
Researchers at Hudson Rock previously identified that the attack’s origins trace back to February, when a Context.ai employee’s computer was infected with Lumma Stealer malware. The infection occurred after the employee searched for Roblox game exploits, a common lure used to distribute infostealers.
Vercel has not specified which systems or customer data were compromised, nor has it detailed how the intrusion was contained or eradicated. The company did note that it found no evidence of tampering in the software packages it publishes, asserting that “we believe the supply chain remains safe.”
Separate Customer Compromises Identified, Not Linked to Vercel Breach
In an updated security bulletin, Vercel disclosed that it identified a separate “small number of customers” who were compromised in attacks unrelated to the breach of its internal systems. The company stated:
“These compromises do not appear to have originated on Vercel systems. This activity does not appear to be a continuation or expansion of the April incident, nor does it appear to be evidence of an earlier Vercel security incident.”
It remains unclear how Vercel became aware of these additional compromises or why it chose to disclose them publicly. Vercel declined to comment further, and Mandiant, which is conducting the incident response and investigation, referred inquiries back to Vercel. The company has not attributed the breach to any named threat group.