Vercel customers face potential data compromise after an attacker infiltrated multiple internal systems to steal credentials and sensitive information, the company revealed in a security bulletin on Sunday.

The attack, which did not originate at Vercel, underscores the vulnerabilities in interconnected cloud applications and SaaS integrations with overly privileged permissions.

According to researchers, the attack began in February when a Context.ai employee’s computer was infected with Lumma Stealer malware after searching for Roblox game exploits—a common vector for infostealer deployments.

How the Attack Unfolded

Hudson Rock researchers traced the breach’s origin to the infected Context.ai employee’s system. The attacker then traversed third-party systems and exposed connections left by employees before targeting Vercel, the San Francisco-based company behind Next.js and other popular open-source libraries.

Context.ai confirmed in a statement that the breach allowed the attacker to access its AWS environment and OAuth tokens for some users, including a token for a Vercel employee’s Google Workspace account. While Vercel is not a Context.ai customer, the employee had granted Context.ai’s Office Suite full access.

“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,” Vercel stated in its bulletin.

Impact and Response

Vercel reported that a limited number of customers were impacted and were immediately advised to rotate their credentials. The company declined to answer specific questions, and it neither detailed which internal systems were accessed nor fully explained how the attacker obtained customer credentials.

Vercel CEO Guillermo Rauch emphasized that customer data stored by the company is fully encrypted. However, he noted that the attacker gained further access through enumeration, the systematic listing and inventorying of the specific variables and resources an account can reach.

“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel.”

Rauch shared this assessment in a post on X.

Threat Actor Claims Responsibility

A group identifying itself as ShinyHunters claimed responsibility for the attack in a post on Telegram, attempting to sell the stolen data, which they alleged includes access keys, source code, and databases.

However, Austin Larsen, principal threat analyst at Google Threat Intelligence, cast doubt on the claim in a LinkedIn post, stating:

“The attacker is likely an imposter attempting to use an established name to inflate their notoriety. Regardless of the threat actor involved, the exposure risk is real.”

Vercel also warned that Context.ai’s Google Workspace OAuth app “was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations.” The company published indicators of compromise and urged customers to review activity logs, as well as rotate and review variables containing secrets.
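As an added illustration of that last advisory point (not code from Vercel, Context.ai or CyberScoop), the following Python audit walks a constructed list of project environment variables in a name/value/type shape and flags secret-looking entries that are not stored as "sensitive"; the `sensitive` type label, the name patterns, the thresholds and the sample values are all assumptions for the example.

```python
import math
import re
from collections import Counter

# Constructed sample in the shape of an environment-variable listing.
# Assumption: "sensitive" marks a write-only value that cannot be read back,
# so any other type is readable by whoever gains access to the project.
SAMPLE_ENV = [
    {"key": "NEXT_PUBLIC_SITE_NAME", "value": "Acme Store", "type": "plain"},
    {"key": "DATABASE_URL", "value": "postgres://app:Tr0ub4dor%26x@db.internal:5432/prod", "type": "encrypted"},
    {"key": "STRIPE_SECRET_KEY", "value": "sk_live_CONSTRUCTED0000000000000000", "type": "sensitive"},
    {"key": "ANALYTICS_ID", "value": "UA-12345-6", "type": "plain"},
    {"key": "GOOGLE_OAUTH_TOKEN", "value": "ya29.CONSTRUCTED-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ", "type": "encrypted"},
    {"key": "NEXT_PUBLIC_MAPS_API_KEY", "value": "AIzaCONSTRUCTED00000000000000000000", "type": "plain"},
]

# Heuristics (assumed): secret-like names, URLs embedding user:password, high-entropy values.
SECRET_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I)
CREDENTIAL_URL = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@\s]+:[^@\s]+@", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score well above prose."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(key: str, value: str) -> list[str]:
    """Return the reasons a variable appears to hold a credential (empty if none)."""
    reasons = []
    if SECRET_NAME.search(key):
        reasons.append("name")
    if CREDENTIAL_URL.match(value):
        reasons.append("url-credentials")
    if len(value) >= 20 and " " not in value and shannon_entropy(value) > 3.5:
        reasons.append("entropy")
    # Next.js inlines NEXT_PUBLIC_* values into the browser bundle, so a secret there is public.
    if reasons and key.startswith("NEXT_PUBLIC_"):
        reasons.append("browser-exposed")
    return reasons


def find_unmarked_secrets(env: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Entries that look like secrets but are readable, i.e. not stored as 'sensitive'."""
    findings = []
    for entry in env:
        reasons = looks_like_secret(entry["key"], entry["value"])
        if reasons and entry["type"] != "sensitive":
            findings.append((entry["key"], entry["type"], reasons))
    return findings


if __name__ == "__main__":
    for key, kind, why in find_unmarked_secrets(SAMPLE_ENV):
        print(f"ROTATE and mark sensitive: {key} (stored as {kind}; {', '.join(why)})")
```

Anything the audit reports should be rotated first and then re-created as a sensitive variable, since rotation alone does nothing if the new value is stored readably again.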

Ongoing Investigations

Both Context.ai and Vercel stated that their separate but coordinated investigations, aided by firms like CrowdStrike and Mandiant, remain ongoing.

Source: CyberScoop