On Thursday, Vercel, a prominent app and website hosting provider, reported a data breach that has potentially wider implications than first anticipated. The company revealed that hackers had accessed customer data prior to their detection of the breach in early April. Upon further investigation, Vercel found evidence of malicious activity on its network preceding this incident.
In an update shared on its security incident page, Vercel acknowledged that a select number of customer accounts exhibited signs of prior compromise independent from this specific breach, which could have stemmed from social engineering, malware, or other means. Additionally, Vercel has identified further compromised accounts related to the April incident but has refrained from providing detailed information, citing that notifications have been sent to affected customers.
The San Francisco-based company’s initial assessment indicated that the breach occurred after an employee downloaded an application from Context AI, a software startup. This app was used by hackers to infiltrate the employee’s account, which eventually allowed access to Vercel’s systems. The latest details suggest that the breach’s scale and duration may be more extensive than originally believed.
Guillermo Rauch, Vercel’s CEO, confirmed on X that the hackers’ activities extended beyond the compromise associated with Context AI, which has itself acknowledged a previous breach. A spokesperson from Vercel did not provide specifics about the number of affected customers or the timeframe of the additional compromises.
While the exact entry method into Vercel’s systems remains unclear, Rauch indicated that early findings suggested the use of malware designed to compromise computers in search of valuable tokens, such as account access keys. This type of malware, often referred to as information-stealing malware or infostealers, can disguise itself as legitimate software and, once installed, collect sensitive information like passwords and private keys.
Rauch noted that once attackers acquire these keys, records showcase a consistent pattern of aggressive usage of the API, primarily focusing on non-sensitive environment variables. Using credentials obtained from the compromised employee account, the hackers accessed internal Vercel systems, including some customer credentials that were not encrypted.
This revelation supports earlier reports that alleged an employee at Context AI fell victim to infostealer malware, reportedly after searching for Roblox game cheats. Furthermore, it has been disclosed that Delve, a compliance startup facing accusations of falsifying customer data, conducted security certifications for Context AI.
As of now, the extent of the impact on Vercel’s customer base remains unclear, but both Vercel and Context AI have indicated that the breach may have affected additional companies, suggesting that more victims could be revealed in the future.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
