Mercor's 4TB AI Data Heist: How a Poisoned Proxy Cracked Open Silicon Valley's Biometric Vault

WebProNews, 3d ago

A supply-chain attack on an open-source AI tool has left Mercor, the $10 billion startup fueling models for OpenAI, Anthropic, and Meta, exposed. Hackers snatched 4 terabytes of contractor data -- voice samples, passports, facial scans, source code. Lapsus$ posted it on their leak site April 4, 2026. Within days, lawsuits piled up. Contractors claim Mercor hoarded their biometrics without clear warnings.

The breach started March 27. TeamPCP compromised LiteLLM, a proxy downloaded millions of times daily for routing calls to large language models. For 40 minutes, two versions harbored credential-stealing malware. It grabbed SSH keys, cloud tokens, everything in .env files. Attackers pivoted. Lateral movement through infected systems. Mercor got hit hard.

TechCrunch broke the confirmation March 31. Mercor told staff and posted on LinkedIn and X: "We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM." (TechCrunch) But the damage ran deeper. Lapsus$ claimed 939 GB of platform source code. 211 GB user database. 3 TB video interviews and identity docs. SSNs. TailScale VPN configs. Slack chats.

Biometrics Become the Perfect Weapon

Here's the nightmare fuel. Over 40,000 contractors recorded two-to-five-minute voice samples in quiet rooms. Paired with passport scans, driver's licenses, webcam selfies. Off-the-shelf cloners need 15 seconds of clean audio. This? Goldmine. Bank voice gates bypassed. Vishing on bosses -- dozens confirmed since 2023. Deepfake calls like Arup's $25 million wire fraud in 2024. Insurance scams up 475% in 2025, per Pindrop.

ORAVYS detailed the trove. "Voice biometrics paired with government-issued identity documents." (ORAVYS) FBI IC3 pegs elder scams at $2.3 billion in 2026 losses, emergency impersonation surging. Victims scramble: audit public audio. Set verbal codewords. Rotate voiceprints where possible. Disable bank voice auth. Forensic scans for codec mismatches, flat prosody.

Fortune called it a supply-chain hit on LiteLLM. Mercor supplies AI training data. Now their vaults feed fraud. (Fortune)

Lawsuits erupted. At least seven class-actions by April 23. Filed in California and Texas federal courts. Plaintiffs: contractors whose interviews, biometrics, screen grabs leaked. One suit alleges Mercor shared background checks with partners, violating federal rules. Another frames it as fallout from AI hiring tools -- automated interviews turned full employment dossiers into hacker bait.

Wall Street Journal: "Mercor faces at least seven class-action lawsuits after a data breach exposed contractor information." Company statement: "We take the privacy of our customers, contractors, employees and those we interview very seriously, and we comply with all relevant laws and regulations." (Wall Street Journal) Business Insider tallied five in one week. (Business Insider)

Clients Flee, Ripples Spread

Meta paused all work. Indefinite. Sources told Wired: breach risked AI industry secrets -- training methodologies. (Wired) Staffing Industry Analysts noted the social post. Others reassess. Anthropic? Their Mythos model -- zero-day hunter, unreleased for danger -- got accessed via leaked Mercor contractor creds. Discord group guessed URL from naming leaks, walked in.

Strikegraph mapped the chain: Trivy scanner compromised first, then LiteLLM poisoned. Delve Technologies, LiteLLM's security certifier, collapsed amid "fake compliance" claims. One suit names Mercor, LiteLLM, Delve. (Strikegraph)

TechCrunch followed up April 9: Mercor's having a month. $350 million Series C last October quintupled valuation to $10 billion. Now trouble. Hacker samples showed Slack, ticketing, AI chats. (TechCrunch)

And the X chatter? HalbornSecurity sketched the vector: Trivy to LiteLLM infostealer to internals. 4TB haul included AI training methods from big labs. Users warn of deepfakes from Mercor's video trove -- faces, voices, expressions labeled for clones.

Mercor contained it, they say. Investigating. But biometrics don't expire. Supply chains? Fragile as ever. Thousands hit via LiteLLM. PyPI uploads without GitHub tags. Devs piping prod creds to AI coders. North Koreans posing as hires via platforms like this, per CrowdStrike -- laptop farms bypassing controls.
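
The "PyPI uploads without GitHub tags" gap mentioned above can be checked mechanically. This added example (not from the original article or from the LiteLLM project) compares a release list shaped like the `releases` mapping of the PyPI JSON API against source-repository tags and reports which pinned deployments sit on an untagged release; the versions, timestamps and service names are constructed.

```python
import re

def normalize(label):
    """'v1.4.0', 'release-1.4.0' and '1.4.0' all map to '1.4.0'; no version -> ''."""
    m = re.search(r"\d+(?:\.\d+)*(?:(?:a|b|rc|\.post|\.dev)\d+)?$", label.strip().lower())
    return m.group(0) if m else ""

def untagged_releases(releases, git_tags):
    """Return index releases that have no matching source tag, oldest upload first."""
    tagged = {normalize(t) for t in git_tags} - {""}
    findings = []
    for version, files in releases.items():
        if normalize(version) in tagged:
            continue
        findings.append({
            "version": version,
            # A release can list no files at all, hence the default.
            "first_upload": min((f["upload_time"] for f in files), default=""),
            "yanked": bool(files) and all(f.get("yanked", False) for f in files),
        })
    return sorted(findings, key=lambda f: f["first_upload"])

def exposed_pins(pins, findings):
    """Names of services whose pinned version is one of the untagged releases."""
    bad = {normalize(f["version"]) for f in findings}
    return sorted(name for name, ver in pins.items() if normalize(ver) in bad)

# Constructed sample data (not real release history of any package).
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time": "2000-01-01T09:00:00", "yanked": False}],
    "1.4.1": [{"upload_time": "2000-01-02T09:00:00", "yanked": False}],
    "1.4.2": [{"upload_time": "2000-01-03T10:39:00", "yanked": True}],
    "1.4.3": [{"upload_time": "2000-01-03T10:52:00", "yanked": True}],
}
SAMPLE_TAGS = ["v1.4.0", "v1.4.1", "nightly"]
SAMPLE_PINS = {"service-a": "1.4.1", "service-b": "1.4.3"}  # hypothetical lockfile pins

if __name__ == "__main__":
    found = untagged_releases(SAMPLE_RELEASES, SAMPLE_TAGS)
    for f in found:
        print(f"untagged: {f['version']} uploaded {f['first_upload']} yanked={f['yanked']}")
    print("pinned to an untagged release:", exposed_pins(SAMPLE_PINS, found))
```

A release that was yanked shortly after upload and never tagged is the pattern to triage first; any host that installed it should have its SSH keys, cloud tokens and `.env` secrets rotated.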

One breach. Permanent shadows. Contractors can't reset faces or voices. Labs scramble for clean data. Fraud rings celebrate. AI's data hunger just got a lot hungrier -- and a lot riskier.

Originally published by WebProNews
