Scope of Vercel Breach Grows as Investigation Continues
Vercel, the company behind developer tooling and cloud infrastructure — including the wildly popular Next.js framework, which is downloaded more than 9 million times per week — has confirmed that an attack on its internal systems affected a larger number of customers than initially reported. Despite this, the company has declined to provide a specific count or range of impacted accounts, describing the total only as a "small number."
The updated disclosure came after Vercel CEO Guillermo Rauch said the company and its partners had analyzed nearly a petabyte of logs spanning the Vercel network and API. That deep-dive revealed that malicious activity targeting Vercel and its customers extended well beyond what was known from the initial attack, which the company says originated at Context.ai, a third-party AI tool used by one of its employees.
How the Attack Unfolded
Researchers at Hudson Rock previously established that the groundwork for the intrusion was laid in February, when a Context.ai employee's computer was infected with Lumma Stealer malware. The infection reportedly occurred after the employee searched for Roblox game exploits — a well-documented vector for deploying infostealer malware. From that initial foothold, an attacker was able to traverse Vercel's internal systems and steal and decrypt customer data, including environment variables stored by the platform.
In a post on X, Rauch described the attacker's behavior once access was established: "Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers. Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables."
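The log pattern Rauch describes (a stolen token suddenly making rapid, comprehensive API calls that list environment variables across many projects) is something a defender can hunt for in their own API audit logs. The following is an added illustration, not code from Vercel or the article: it runs a simple sliding-window heuristic over constructed sample log lines. The log format, the `/api/projects/<id>/env` path, the token identifiers and the thresholds are all assumptions chosen for the example; adapt them to whatever your platform actually logs.

```python
"""Flag API tokens that enumerate environment variables across many projects in a short window.

Added example for detection, not Vercel's code. The log format and the
'/api/projects/<id>/env' endpoint are assumptions made for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample audit log (not real data): "<iso-timestamp> <token-id> <method> <path> <status>".
# tok_dev1  : normal developer activity, a couple of env reads on one project over minutes.
# tok_bot_3 : a noisy but legitimate sync job, many reads of a single project.
# tok_ci_7  : the suspicious pattern, env listing across twelve projects in ~10 seconds.
SAMPLE_LOGS = """\
2026-04-02T10:00:01Z tok_dev1 GET /api/projects/p-101/env 200
2026-04-02T10:00:04Z tok_dev1 POST /api/deployments 201
2026-04-02T10:03:20Z tok_dev1 GET /api/projects/p-101/env 200
2026-04-02T10:30:00Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:05Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:10Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:15Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:20Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:25Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:30Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:35Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:40Z tok_bot_3 GET /api/projects/p-150/env 200
2026-04-02T10:30:45Z tok_bot_3 GET /api/projects/p-150/env 200
this line is malformed and must be skipped by the parser
2026-04-02T11:15:00Z tok_ci_7 GET /api/projects/p-201/env 200
2026-04-02T11:15:01Z tok_ci_7 GET /api/projects/p-202/env 200
2026-04-02T11:15:02Z tok_ci_7 GET /api/projects/p-203/env 200
2026-04-02T11:15:02Z tok_ci_7 GET /api/projects/p-203/domains 200
2026-04-02T11:15:03Z tok_ci_7 GET /api/projects/p-204/env 200
2026-04-02T11:15:04Z tok_ci_7 GET /api/projects/p-205/env 200
2026-04-02T11:15:05Z tok_ci_7 GET /api/projects/p-206/env 200
2026-04-02T11:15:06Z tok_ci_7 GET /api/projects/p-207/env 200
2026-04-02T11:15:07Z tok_ci_7 GET /api/projects/p-208/env 200
2026-04-02T11:15:08Z tok_ci_7 GET /api/projects/p-209/env 200
2026-04-02T11:15:09Z tok_ci_7 GET /api/projects/p-210/env 200
2026-04-02T11:15:10Z tok_ci_7 GET /api/projects/p-211/env 200
2026-04-02T11:15:10Z tok_ci_7 GET /api/projects/p-212/env 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|PATCH|DELETE) (\S+) (\d{3})$")
# Assumed endpoint shape for listing a project's environment variables.
ENV_LIST_RE = re.compile(r"^/api/projects/([^/]+)/env$")


def parse_line(line):
    """Parse one audit log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "token": m.group(2), "method": m.group(3),
            "path": m.group(4), "status": int(m.group(5))}


def detect_env_enumeration(lines, window_seconds=60, min_calls=10, min_projects=5):
    """Return {token: evidence} for tokens whose env-listing calls within any
    window_seconds span reach min_calls AND touch at least min_projects distinct projects.

    Requiring distinct projects is what separates enumeration from a chatty
    but legitimate job that polls one project repeatedly.
    """
    events = defaultdict(list)  # token -> [(timestamp, project_id)]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        m = ENV_LIST_RE.match(rec["path"])
        if m:
            events[rec["token"]].append((rec["ts"], m.group(1)))

    alerts = {}
    for token, evs in events.items():
        evs.sort()
        window = deque()
        for ts, project in evs:
            window.append((ts, project))
            # Drop events that fall outside the sliding window ending at ts.
            while ts - window[0][0] > timedelta(seconds=window_seconds):
                window.popleft()
            projects = {p for _, p in window}
            if len(window) >= min_calls and len(projects) >= min_projects:
                prev = alerts.get(token)
                if prev is None or len(window) > prev["calls"]:
                    alerts[token] = {"calls": len(window), "projects": len(projects),
                                     "first": window[0][0].isoformat(), "last": ts.isoformat()}
    return alerts


if __name__ == "__main__":
    for token, ev in detect_env_enumeration(SAMPLE_LOGS.splitlines()).items():
        print(f"ALERT {token}: {ev['calls']} env listings across {ev['projects']} projects "
              f"between {ev['first']} and {ev['last']}")
```

Only `tok_ci_7` trips the rule: `tok_dev1` never reaches the call threshold and `tok_bot_3`, despite many calls, stays on one project. In practice the window and thresholds should be tuned against a baseline of your own deploy tooling, and an alert like this is a trigger to revoke the token and check which projects' variables it read, not proof of compromise on its own.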
The Structural Vulnerability: Trust, Not Technology
Security analysts have framed the Vercel incident as a stark illustration of how interconnected systems — relying on OAuth tokens, trusted relationships, and overly permissioned service integrations — can transform a single infected endpoint into an enterprise-wide liability.
"The real vulnerability was trust, not technology. OAuth turned a productivity app into a backdoor. Every AI tool an employee connects to their work account is now a potential attack surface." — Munish Walther-Puri, Head of Critical Digital Infrastructure, TPO Group
Walther-Puri also warned that the downstream blast radius from the breach remains undefined, noting that stolen API keys and source code snippets from internal views are potentially keys to customer production environments. He described the stolen data as deceptively mundane but strategically dangerous: "The right environment variable doesn't just unlock a system — it lets adversaries become that system, silently, from the inside."
A Separate Set of Compromised Customers
Adding to the complexity of the situation, Vercel's updated security bulletin disclosed a distinct — and particularly puzzling — finding: a separate "small number of customers" were compromised in attacks that appear entirely unrelated to the breach of Vercel's own systems.
The company stated explicitly: "These compromises do not appear to have originated on Vercel systems. This activity does not appear to be a continuation or expansion of the April incident, nor does it appear to be evidence of an earlier Vercel security incident."
Vercel has not explained how it became aware of these additional incidents or why it chose to include them in the same public disclosure. The company declined to answer press questions, and Mandiant, which is leading the incident response and investigation, referred all inquiries back to Vercel.
ShinyHunters Claims Responsibility — But Authenticity Is in Question
An online persona identifying themselves as ShinyHunters has claimed responsibility for the attack and is reportedly attempting to sell the stolen data, which they allege includes access keys, source code, and databases. However, Austin Larsen, principal threat analyst at Google Threat Intelligence Group, assessed the actor as "likely an imposter," while stressing that the risk of exposure from the stolen data remains very real regardless of attribution.
Vercel itself has not attributed the breach to any named threat actor or articulated what the attacker's ultimate objectives may have been.
Supply Chain Concerns and What Remains Unknown
Despite the seriousness of the intrusion, Vercel has asserted that its published software packages show no evidence of tampering, concluding that "we believe the supply chain remains safe." The company has not, however, specified which systems were accessed, what customer data was exposed in detail, or whether the threat has been fully eradicated or merely contained.
Key unanswered questions include:
- How many customers were affected in total, across both the primary breach and the secondary, unrelated incidents?
- What specific environment variables or credentials were accessed?
- Has the malware distribution mechanism described by Rauch been fully identified and shut down?
- What is Vercel's relationship to the separately compromised customers, and how were those breaches detected?
Broader Implications for Developer Infrastructure
The Vercel incident underscores a growing challenge for organizations that rely on a web of interconnected SaaS tools, AI integrations, and third-party services. As Walther-Puri put it, the attack surface is no longer defined by an organization's own perimeter — it extends to every application, token, and trusted relationship connected to employee accounts.
Vercel maintains Next.js and other widely used open-source projects that sit at the foundation of countless production applications. Even if the company's direct supply chain remains uncompromised, the exposure of infrastructure intelligence — environment variables, API keys, and internal system layouts — gives sophisticated adversaries the knowledge needed to move laterally through customer environments undetected.
The investigation is ongoing, with Mandiant leading forensic efforts. Further disclosures are expected as analysis of the nearly one petabyte of logs continues.
Source: CyberScoop