The incident, stemming from a recent supply chain attack on the open-source LiteLLM project, has exposed proprietary source code, internal databases, and massive amounts of user-verification data.
The hacking collective Lapsus$ has listed Mercor’s platform data for a live auction on the dark web, prompting interested buyers to “make an offer”. The threat actors claim to have exfiltrated the entirety of the 4-terabyte dataset by breaching the company’s Tailscale VPN.
The extensively detailed stolen cache reportedly includes 939GB of platform source code, a 211GB user database, and 3TB of storage buckets containing video interviews and identity verification passports.
In response to the extortion attempts, Mercor AI released a public statement emphasizing that the privacy and security of their customers and contractors remain their foundational priority. The company clarified that the breach was the direct result of a widespread supply chain attack involving the open-source routing library LiteLLM.
Mercor’s security team promptly contained the incident and is currently conducting a comprehensive investigation alongside leading third-party forensics experts.
The root cause of Mercor’s breach traces back to late March 2026, when a threat actor known as TeamPCP compromised the PyPI publishing credentials for the LiteLLM library.
TeamPCP injected a three-stage malicious backdoor into versions 1.82.7 and 1.82.8, which was designed to harvest credentials and establish persistent system access. Because LiteLLM is widely integrated into AI applications, the malware executed immediately upon installation and impacted thousands of unsuspecting organizations.
Founded in 2023, Mercor operates a highly successful AI recruitment platform that claims over $500 million in revenue and connects specialized domain experts with major AI firms like OpenAI and Anthropic.
The startup facilitates over $2 million in daily payouts and now faces significant operational risks due to the exposure of its contractors’ personal information.
The leak of internal AI source code and sensitive KYC materials poses severe security implications for both the $10 billion platform and its extensive user base.
Lapsus$ is a well-known cybercrime syndicate with a history of targeting high-profile technology companies using aggressive extortion tactics. The group frequently uses public data leaks and dark web auctions to pressure victims into paying ransoms after initial private negotiations fail.
Their involvement in the Mercor AI breach highlights a continuing trend of threat actors exploiting upstream supply chain vulnerabilities to access massive downstream corporate datasets.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB Data Theft appeared first on Cyber Security News.
JOHNSON COUNTY, Ind. (WOWO) — Residents and emergency crews are working through the aftermath of…
INDIANAPOLIS, Ind. (WOWO) — On Tuesday, Indiana Governor Mike Braun announced IN AI. “IN AI…
James Comey speaks onstage at 92NY on May 30, 2023 in New York City. (Photo…
Some residents and city leaders pushing back on a housing development project slated across from…
More Stranger Things adventures are on the way, as Netflix is renewing the animated spin-off…
A Rockford Police Officer has been charged with driving under the influence.
This website uses cookies.