Vercel discovered evidence of a separate customer data theft occurring before its publicly disclosed April breach. The hosting platform uncovered the additional compromise while investigating the initial incident.
The app and website hosting company expanded its investigation into the April breach and found proof of an earlier unauthorized access to customer accounts. Vercel has not disclosed specific details about what data was stolen, the number of affected customers, or the timeline of the prior compromise.
This marks the second confirmed incident involving Vercel customer accounts in recent weeks. The company did not immediately clarify whether the two breaches share a common cause or if they resulted from separate vulnerabilities.
Vercel has notified affected customers and recommended security measures. The company is conducting a broader review of its systems to identify any additional unauthorized access. Customers are advised to review their account activity and change credentials if necessary.
The incidents highlight ongoing security challenges in the cloud hosting sector, where breaches can expose sensitive infrastructure and application data belonging to thousands of businesses relying on these platforms.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.