App and website hosting company Vercel revealed Thursday that hackers accessed customer data before its recently disclosed April 2026 breach, indicating the security incident is more extensive than initially known.
In an update posted to its security incident page, the San Francisco-based company said it uncovered evidence of malicious activity on its network that predates the early-April breach discovered after expanding its investigation.
“We have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods,” the update reads.
Vercel also discovered additional customer accounts compromised by the April incident beyond those initially identified, though the company did not disclose specifics. It said it has notified customers known to be affected so far.
The company initially said its internal systems were breached after an employee downloaded an app made by software startup Context AI, which hackers exploited to gain access to the employee’s work account and subsequently Vercel’s systems.
Vercel CEO Guillermo Rauch confirmed in a post on X that the hackers who compromised Vercel have been active “beyond that startup’s compromise,” referring to Context AI, which confirmed an earlier breach of its systems this week.
Rauch pointed to early signs that the hackers relied on malware that compromises computers “in search of valuable tokens like keys to Vercel accounts and other providers.” Such information stealing malware, or infostealers, often masquerade as legitimate software and collect sensitive secrets from victims’ computers, including passwords and private keys.
“Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” Rauch said.
The hackers used the hijacked Vercel employee’s account to access some of the company’s internal systems, including customer credentials that were not encrypted.
A Vercel spokesperson declined to comment beyond the incident page update and would not confirm how many customers the breach affects or how far back the earlier compromise dates.
Security researchers previously reported that a Context AI employee’s computer was infected with infostealer malware after they allegedly looked up Roblox game cheats. TechCrunch reported Thursday that compliance startup Delve, accused of faking customer data, performed the security certifications for Context AI.
The total number of customers affected by the Vercel breaches and data thefts remains unknown. Both Vercel and Context AI have suggested the breach may affect more companies and that additional victims may come to light.
Source: TechCrunch