
AI recruiting company Mercor revealed it was affected by the recent LiteLLM supply chain attack, in which hackers claimed to have stolen 4 terabytes of data.
The incident, which occurred on March 27, stemmed from a Trivy supply chain compromise a week earlier, News.Az reports, citing foreign media.
LiteLLM reported that the breach originated from a compromised maintainer's credentials used in their CI/CD security scanning workflow.
The hacking group TeamPCP released two malicious LiteLLM PyPI package versions -- 1.82.7 and 1.82.8 -- which were available for about 40 minutes. These packages were likely downloaded automatically by thousands of organizations, including Mercor, because LiteLLM is present in an estimated 36% of cloud environments.
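As an added example (not code from the article, LiteLLM or Mercor), the following Python check flags dependency lines in a requirements file or `pip freeze` output that pin, or could have resolved to, the two malicious LiteLLM versions named above. It assumes plain numeric versions and only the `==`, `!=`, `<`, `<=`, `>`, `>=` specifiers; the sample lines are constructed.

```python
import re
# Versions named in the report; the only package this check knows about.
COMPROMISED = {"litellm": [(1, 82, 7), (1, 82, 8)]}
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(.*?)\s*(?:#.*)?$")
_CLAUSE_RE = re.compile(r"(==|!=|<=|>=|<|>)\s*([0-9.]+)$")
_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
        "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(text):
    """Turn '1.82.7' into a comparable tuple of ints (numeric versions only)."""
    return tuple(int(p) for p in text.strip().split("."))

def parse_requirement(line):
    """Return (name, [(op, version_tuple), ...]) for one requirements/freeze line."""
    m = _REQ_RE.match(line)
    if not m:
        return None  # blank or comment-only line
    name = m.group(1).lower().replace("_", "-")
    clauses = []
    for part in (p.strip() for p in m.group(2).split(",") if p.strip()):
        c = _CLAUSE_RE.match(part)
        if c:  # unsupported forms such as '~=' or '1.82.*' are ignored
            clauses.append((c.group(1), parse_version(c.group(2))))
    return name, clauses

def allows(clauses, version):
    """True if every clause admits the version; an empty specifier admits all."""
    return all(_OPS[op](version, bound) for op, bound in clauses)

def exposed_requirements(lines):
    """List (requirement line, compromised versions it could resolve to)."""
    findings = []
    for line in lines:
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, clauses = parsed
        bad = [v for v in COMPROMISED.get(name, []) if allows(clauses, v)]
        if bad:
            findings.append((line.strip(), [".".join(map(str, v)) for v in bad]))
    return findings

# Constructed sample input mixing pinned, ranged and unpinned requirements.
SAMPLE = ["litellm==1.82.7", "litellm>=1.82,<1.83", "litellm==1.82.6",
          "requests>=2.31", "litellm", "# tooling", ""]
if __name__ == "__main__":
    for line, versions in exposed_requirements(SAMPLE):
        print(f"{line:22s} -> could resolve to {', '.join(versions)}")
```

An unpinned or loosely ranged requirement is reported because, during the 40-minute window, a fresh resolution would have pulled the newest release.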
Mercor stated on Wednesday, "We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM," confirming its exposure to the breach.
"Our security team moved promptly to contain and remediate the incident. We are conducting a thorough investigation supported by leading third-party forensics experts," Mercor added.
While the company has not shared details on the impact, the Lapsus$ extortion group listed Mercor on its leak site on Monday, claiming the theft of over 4TB of data.
Lapsus$ is auctioning the information, which allegedly includes candidate profiles, personally identifiable information, employer data, user accounts and credentials, video interviews, proprietary information, source code, keys and secrets, and Tailscale VPN data.