Vercel said ongoing analysis found the fallout from an attack on its internal systems affected more customers than previously known, with a “small number” of accounts impacted and investigations uncovering additional evidence of compromise. The incident originated at third‑party Context.ai, involved Lumma Stealer and the theft of API keys/tokens used to enumerate environment variables, creating potentially large downstream risk. #Vercel #LummaStealer
Keypoints
- Vercel disclosed that more customers were impacted by its internal systems breach than initially reported.
- The intrusion traced back to a Context.ai compromise tied to Lumma Stealer infecting an employee’s device.
- Attackers focused on stealing API keys and tokens, then rapidly enumerating environment variables to access resources.
- Vercel says its published packages appear untampered and the supply chain remains safe while Mandiant investigates.
- An account claiming to be ShinyHunters is selling the stolen data, heightening concerns about downstream exposure.
Read More: https://cyberscoop.com/vercel-attack-fallout-expands/