Vercel says some of its customers’ data was stolen before the recent hack

App and website hosting giant Vercel said Thursday that hackers had accessed some of its customers’ data before the company discovered a recent data breach, suggesting this incident may have broader security implications than initially known.

In an update to its security incident page, Vercel said it had identified evidence of malicious activity on its network prior to the hack in early April after it expanded its initial investigation.

“We have discovered a small number of customer accounts with evidence of prior compromise independent of and preceding this incident, possibly as a result of social engineering, malware, or other methods,” the update said.

Vercel also said it had discovered more customer accounts that had been compromised due to the April incident, but did not reveal details, saying only that it had notified customers known to have been affected so far.

The San Francisco-based app and website hosting company initially said its internal systems were compromised after an employee downloaded an app created by software startup context AI, which hackers misused to access the employee’s work account and, by extension, Vercel’s systems.

The new update suggests that the data breach may be larger in scope and could last longer than initially thought.

In a post to

A Vercel spokesperson declined to comment beyond the update on the incident page. They did not confirm how many customers the hack now affects, nor did they say how far back the second compromise goes.

Vercel has not yet confirmed how the hackers breached its systems, but Rauch pointed to early signs that the hackers relied on malware that compromised computers “in search of valuable codes such as keys to Vercel accounts and other service providers.”

Rauch may be referring to information-stealing malware, or information-stealing software, which often masquerades as legitimate software. When installed, the malware collects and uploads sensitive secrets from the victim’s computer, including passwords and other private keys, allowing hackers to enter any system to which these keys allow access.

“Once the attacker obtains these keys, our logs show a recurring pattern: rapid and extensive use of the API, with an emphasis on enumeration of non-sensitive environment variables,” Rauch said.

The hackers used the hijacked Vercel employee account to access some of the company’s internal systems, including customer credentials that were not encrypted.

Rauch’s comments appear to add weight to previous reports by security researchers that an AI employee’s computer was infected with information-stealing malware after they searched for Roblox cheats. Compliance-troubled startup Delve, which has been accused of falsifying customer data, has conducted security certifications for context AI, TechCrunch reported on Thursday.

It is not yet known how many customers were affected by the Vercel breach and theft of customer data. Both Vercel and Context AI have suggested that the hack may affect more companies, and that more victims may come to light.