Vercel Hacked: Breach Is Bigger Than First Disclosed — Customer Data Stolen Before the Attack Even Started

Vercel's breach just got bigger — infostealer malware, pre-April customer data theft, and a threat actor active well beyond the Context.ai hack.

What began as a contained supply chain incident has quietly expanded into something far more serious.

Vercel has updated its April 2026 security bulletin, confirming that some customer data was stolen before the breach the company originally disclosed — and that the threat actor behind this attack was already hunting for developer credentials across the broader internet well before the Context.ai compromise that initially triggered the investigation.

Vercel's security team sifted through nearly a petabyte of network and API logs — extending well beyond the original Context.ai entry point — and surfaced two separate findings. 

First, additional customer accounts were compromised as part of the April incident, beyond the initially identified subset. Second, and more alarmingly, a separate cluster of customer accounts showed signs of compromise that predates the April breach entirely and appears unconnected to Vercel's own systems.

Vercel has described these earlier intrusions as potentially resulting from social engineering, malware, or other external methods — and has already contacted affected customers.

CEO Guillermo Rauch pointed directly to infostealer malware (credential-harvesting software that silently extracts passwords, tokens, and API keys from infected machines) as the likely mechanism. Once attackers collected those keys, Vercel's logs reveal a consistent playbook: fast, systematic API calls designed to enumerate and read non-sensitive environment variables—the configuration values that hold API keys, database credentials, and third-party service tokens.

That pattern lines up with earlier reporting that a Context.ai employee's computer was infected with infostealer malware after allegedly searching for Roblox game cheats — a textbook infostealer delivery scenario.

This Is Bigger Than One Company

Vercel has notified other suspected victims of this threat actor entirely outside of this incident. The company is now coordinating with Microsoft, AWS, Wiz, GitHub, npm, and Socket as part of a widened industry response. One confirmed positive: npm packages published by Vercel have been verified as uncompromised, meaning the Next.js supply chain remains clean for now.

If you haven't rotated your Vercel environment variables — especially any not marked as "sensitive" — treat them as already stolen. 

Enable multi-factor authentication immediately, review your account activity logs for anything unusual between April 1 and now, and migrate all secrets to Vercel's sensitive environment variables feature going forward. Crucially, Vercel warns that simply deleting your project or account does not eliminate the risk — compromised secrets can still be used against live production systems.
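As an added example (not from Vercel or the original article), the following Python script turns the advice above into a rotation worklist: it reads an exported list of a project's environment variables and marks every variable not stored as "sensitive" for rotation or migration. The record shape (`key`, `type`, `target`, `updatedAt` in epoch milliseconds), the sample variables and the lock-down date are all assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

def ms_utc(year, month, day):
    """Epoch milliseconds for midnight UTC on the given date."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)

# Constructed sample export. Assumed record shape: key, type, target,
# updatedAt (epoch ms). Adapt the field names to your own export.
SAMPLE_EXPORT = json.dumps({"envs": [
    {"key": "DATABASE_URL", "type": "encrypted",
     "target": ["production"], "updatedAt": ms_utc(2026, 1, 10)},
    {"key": "STRIPE_SECRET_KEY", "type": "plain",
     "target": ["production", "preview"], "updatedAt": ms_utc(2026, 4, 25)},
    {"key": "SESSION_SIGNING_KEY", "type": "sensitive",
     "target": ["production"], "updatedAt": ms_utc(2026, 2, 3)},
    {"key": "ANALYTICS_API_TOKEN", "type": "plain",
     "target": ["development"], "updatedAt": ms_utc(2025, 11, 2)},
]})

ORDER = {"rotate+migrate": 0, "migrate": 1, "ok": 2}

def triage(export_json, locked_down_at_ms):
    """Return (action, key, targets) rows, most urgent first.

    rotate+migrate: not sensitive and unchanged since the account was secured
    migrate:        not sensitive, edited since (confirm the value really changed)
    ok:             already stored as sensitive
    """
    rows = []
    for env in json.loads(export_json).get("envs", []):
        targets = env.get("target") or []
        if isinstance(targets, str):
            targets = [targets]
        # Assumption: every type other than "sensitive" is treated as exposed.
        if env.get("type") == "sensitive":
            action = "ok"
        elif (env.get("updatedAt") or 0) < locked_down_at_ms:
            action = "rotate+migrate"
        else:
            action = "migrate"
        rows.append((action, env["key"], sorted(targets)))
    # Within one action, production-scoped variables sort first.
    rows.sort(key=lambda r: (ORDER[r[0]], "production" not in r[2], r[1]))
    return rows

if __name__ == "__main__":
    # Constructed lock-down date: when MFA was enabled and tokens were revoked.
    for action, key, targets in triage(SAMPLE_EXPORT, ms_utc(2026, 4, 20)):
        print(f"{action:15} {key:22} {','.join(targets)}")
```

An edit timestamp only shows that a variable was touched, so entries marked `migrate` still need a check that the secret was reissued at the upstream provider and not just re-saved.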
