- Vercel expanded its investigation into the breaches, confirming more compromised accounts than initially reported.
- Researchers linked the attack to a Context.ai account infected with Lumma Stealer malware, which was used to access Vercel environments.
- A Dark Web actor attempted to sell stolen Vercel data, claiming ties to ShinyHunters, although the group has denied involvement.
The number of customers affected by the recent breach at Vercel is larger than initially thought, with the company confirming that it has discovered even more compromised accounts.
Earlier this week, the cloud development platform confirmed it suffered a cyberattack and lost “non-sensitive” customer data. In the initial report, Vercel said one of its employees used a third-party AI tool called Context.ai, which appears to have been used as an entry point.
“The incident occurred due to a Context.ai compromise,” the company said, claiming that the attacker used this access to take over that employee’s Google Workspace account. Through this, they gained access to certain Vercel environments and environment variables that were not marked as ‘sensitive’.
Article continues below
Infected after downloading “game hacks”
During further investigation, Vercel expanded its list of indicators of compromise. As a result, it found even more accounts exposed. It also said it found a “small number” of customer accounts with appropriate evidence of compromise, prior to this attack. According to the company, these flaws are the result of social engineering or malware attacks.
He said he had informed those affected, but would not say how many people were affected.
In its own investigation, security researchers Hudson Rock discovered that Context.ai user was infected by the information stealer Lumma Stealer in February 2026, after researching exploits for Roblox.
“We now understand that the malicious actor has been active beyond compromising this startup,” Guillermo Rauch, CEO of Vercel, said on
Just a day before Vercel announced the breach, someone tried to sell the archive on a dark web forum. “Hello everyone. Today I’m selling Vercel access key/source code/database,” the attacker said. They claimed to be part of Team ShinyHunters, which the group denied.
Via Hacker news
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
