Vercel says some of its customers’ data was stolen prior to its recent hack

The first StrictlyVC of 2026 hits SF on April 30. Tickets are going fast. Register now. Save up to $680 on your Disrupt 2026 pass. Ends 11:59 p.m. PT tonight. REGISTER NOW. TechCrunch Desktop Logo TechCrunch Mobile Logo LatestStartupsVentureAppleSecurityAIApps EventsPodcastsNewsletters SearchSubmit Site Search Toggle Mega Menu Toggle Topics Latest Vercel says some of its customers’ data was stolen prior to its recent hack Zack Whittaker 7:43 AM PDT · April 23, 2026 App and website hosting giant Vercel on Thursdays said hackers had accessed some of its customers’ data before the company discovered its recent data breach, suggesting that this incident may have broader security implications than initially known. In an update on its security incident page, Vercel said it had identified evidence of malicious activity on its network preceding the early-April breach after it expanded its initial investigation. “We have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods,” the update reads. Vercel also said it discovered more customer accounts compromised by the April incident, but did not disclose details, only saying that it had notified customers known to be affected so far. The San Francisco-based app and website hosting company initially said its internal systems were breached after an employee downloaded an app made by software startup Context AI, which hackers abused to gain access to the employee’s work account, and subsequently, Vercel’s systems. The new update suggests the data breach may be larger in scope and could have lasted longer than initially thought. In a post on X, Vercel CEO Guillermo Rauch confirmed that the hackers who compromised Vercel have been active “beyond that startup’s compromise,” referring to Context AI, which confirmed an earlier breach of its systems in a post this week. A Vercel spokesperson declined to comment beyond the update on the incident page. They would neither confirm how many customers the breach now affects, nor say how far the second compromise dates back. Vercel has not yet confirmed how the hackers broke into its systems, but Rauch pointed to early signs that the hackers relied on malware that compromises computers “in search of valuable tokens like keys to Vercel accounts and other providers.” Rauch may be referring to information stealing malware, or infostealers, which often masquerade as legitimate software. When installed, the malware collects and uploads sensitive secrets from the victim’s computer, including passwords and other private keys, allowing hackers to enter any system that those keys allow access to. “Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” said Rauch. The hackers used the hijacked Vercel employee’s account to gain access to some of the company’s internal systems, including customer credentials that were not encrypted. Rauch’s comments appear to add weight to earlier reporting by security researchers that a Context AI employee’s computer was infected with infostealer malware after they allegedly looked up Roblox game cheats. TechCrunch reported on Thursday that embattled compliance startup Delve, accused of faking customer data, performed the security certifications for Context AI. It’s not yet known how many customers are affected by the Vercel breaches and customer data thefts. Both Vercel and Context AI have suggested that the breach may affect more companies, and that more victims may come to light.  When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence. Zack Whittaker Security Editor Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com. April 30 San Francisco, CA StrictlyVC kicks off the year in SF. Get in the room for unfiltered fireside chats with industry leaders, insider VC insights, and high-value connections that actually move the needle. Tickets are limited. Most Popular Duolingo is now giving users access to advanced learning content Lauren Forristal Unauthorized group has gained access to Anthropic’s exclusive cyber tool Mythos, report claims Lucas Ropek Tim Cook stepping down as Apple CEO, John Ternus taking over Amanda Silberling Connie Loizos Rivian’s factory hit by tornado ahead of R2 launch Sean O'Kane Blue Origin’s New Glenn put a customer satellite in the wrong orbit during its third launch Sean O'Kane Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures Anthony Ha Anthropic launches Claude Design, a new product for creating quick visuals Aisha Malik X LinkedIn Facebook Instagram youTube Mastodon Threads Bluesky TechCrunchStaffContact UsAdvertiseCrunchboard JobsSite Map Terms of ServicePrivacy PolicyRSS Terms of UseCode of Conduct Tim CookJohn TernusNew GlennWhatsAppMythosTech LayoffsChatGPT © 2026 TechCrunch Media LLC.