Vercel, the company that creates and maintains Next.js and hosts cloud infrastructure for developers, says ongoing analysis has uncovered additional evidence that an attacker moved through its internal systems and into downstream environments. The company says a “small number” of accounts were impacted but has not published a count or range. Vercel reported it and partners have analyzed nearly a petabyte of logs across the Vercel network and API in the course of the investigation.
What Vercel has disclosed about the intrusion
Vercel says the breach originated at Context.ai, a third‑party AI tool used by one of its employees, and that an attacker traversed Vercel’s internal systems to steal and decrypt customer data, including environment variables Vercel stored. The company reported that once attackers obtained keys, its logs "show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non‑sensitive environment variables," a pattern Rauch described on X.
Vercel also told users it has found no evidence of tampering across the software packages it publishes, concluding that "we believe the supply chain remains safe." The company has not specified which systems or customers were affected, nor detailed which threats have been eradicated or contained.
OAuth, tokens and the “real vulnerability” of trust
Investigators described a campaign seeking credentials and tokens rather than conspicuous data exfiltration alone. Rauch said intelligence points to malware distributed to machines "in search of valuable tokens like keys to Vercel accounts and other providers." Munish Walther‑Puri, head of critical digital infrastructure at TPO Group, told CyberScoop, "The real vulnerability was trust, not technology," and added, "OAuth turned a productivity app into a backdoor."
Walther‑Puri warned that the downstream blast radius remains undefined, emphasizing that "stolen API keys and source code snippets from internal views are potentially keys to customer production environments." He characterized some of the allegedly stolen material as "infrastructure intelligence" that can allow attackers to operate as if they were inside a system.
Origins traced to Context.ai and an infostealer chain
Vercel has insisted the incident began with Context.ai. Researchers at Hudson Rock previously reported that the seeds of the intrusion were planted in February when a Context.ai employee's computer was infected with Lumma Stealer malware after searching for Roblox game exploits — a vector Hudson Rock described as a common entry point for infostealer deployments.
That chain, as described in reporting, underscores how a seemingly unrelated activity on a third‑party tool can lead to exposure of tokens and credentials that in turn enable lateral movement into connected services.
Separate customer compromises and claims of data sale
In an update, Vercel said it had identified a separate "small number of customers" compromised in activity the company believes did not originate on Vercel systems and does "not appear to be a continuation or expansion of the April incident." The company did not explain how it became aware of these other compromises and declined to answer additional questions; Mandiant, which is conducting incident response and an investigation, referred inquiries back to Vercel.
An online persona calling itself ShinyHunters claimed responsibility for the attack and is attempting to sell data it says includes access keys, source code and databases. Austin Larsen, principal threat analyst at Google Threat Intelligence Group, said the attacker is "likely an imposter" but underlined that "the risk of exposure is real."
What this means for technologists, enterprises, and open‑source maintainers
- Technologists and security teams should be alert for the pattern Vercel described: rapid, broad API activity following token theft and targeted enumeration of environment variables. Logs and token use patterns tied to external tools merit immediate review given the attacker's reported behavior.
- Affected enterprises and procurement leaders will need to reconcile Vercel’s limited disclosure — a "small number" of impacted accounts and separate customer compromises that "do not appear to have originated on Vercel systems" — with their own inventories of third‑party access and OAuth permissions.
- Open‑source maintainers linked to Vercel projects can take cautious reassurance from Vercel's statement that it "believes the supply chain remains safe," while also watching Mandiant’s ongoing investigation and any further evidence Vercel releases about package or repository integrity.
Vercel’s public record leaves three concrete facts in view: the company traced the initial intrusion to Context.ai, it and partners have analyzed nearly a petabyte of logs, and the company found no evidence of backdoors or tampering in the packages it publishes. Beyond that, unanswered specifics — the exact number of impacted accounts, the identities of affected customers, and public confirmation of data being sold — remain unresolved as Mandiant continues its investigation and Vercel resists further comment.
Read the original CyberScoop report: https://cyberscoop.com/vercel-attack-fallout-expands/




