After data breach, $10B valued startup Mercor is having a month | TechCrunch

Six months ago, Mercor was flying high after raising a massive $350 million Series C that valued the AI data training startup at $10 billion. But after admitting on March 31 that it was the target of a data breach, the company has been facing a world of trouble. Since then, a hacker group has claimed to have obtained 4TB of stolen data from Mercor’s systems, including candidate profiles, personally identifiable information, employer data, source code, and API keys. Mercor has not commented on the authenticity of the data, reiterating only that it is investigating and “will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.” Mercor said its data breach was the result of a hack of the open source tool LiteLLM. This tool is so popular that it’s downloaded millions of times a day. For 40 minutes, the tool harbored credential harvesting malware — rogue software that could steal login credentials. Those credentials were used to gain access to more software and accounts, which it used to harvest more credentials, and so on. While there have been no formal acknowledgments of how much data was scooped up from Mercor, there have been repercussions all the same. Meta has paused its contracts with Mercor indefinitely, sources told Wired. (Mercor declined to comment to TechCrunch about this.) Like other contract AI data training companies, Mercor handles some of the model mak...