Vercel CEO: Vercel Security Investigation Reveals Attacker Obtained Account Keys via Malware Distribution, Impact Scope Exceeds Initial Assessment

Odaily News Vercel CEO Guillermo Rauch posted on the X platform, stating that the team conducted an in-depth analysis of the recent security incident. The investigation revealed that the threat actor distributed malware on computers to search for Vercel account keys and keys from other service providers. Once the keys were obtained, the attacker performed large-scale operations via API, focusing on enumerating non-sensitive environment variables. Vercel has expanded collaboration with industry partners such as Microsoft, AWS, and Wiz, and has notified other suspected victims. Vercel has now released multiple product enhancements, and further investigation progress will be updated via security bulletins.