United States - Ekhbary News Agency
Mercor, the AI data training startup that soared to a $10 billion valuation just six months ago after a substantial $350 million Series C funding round, is now facing a turbulent period following its admission of a data breach on March 31. A hacker group has since claimed to have exfiltrated 4TB of sensitive information, including candidate profiles, personally identifiable information, employer data, source code, and API keys. While Mercor has not confirmed the authenticity of these claims, it has reiterated its commitment to a thorough investigation and direct communication with affected customers and contractors.
The breach was reportedly facilitated by a vulnerability in LiteLLM, a widely used open-source tool that briefly harbored credential-harvesting malware. This rogue software exploited login credentials to gain further access to Mercor's systems. The fallout has been significant: Meta has indefinitely paused its contracts with Mercor, and OpenAI is actively investigating its exposure, although it has not yet suspended services. Furthermore, five of Mercor's contractors have initiated lawsuits, alleging personal data exposure. These developments threaten Mercor's financial trajectory, which an anonymous source previously indicated was on track to exceed $1 billion in annualized revenue before the incident.
