{"id":3489007,"date":"2026-04-01T01:42:59","date_gmt":"2026-04-01T01:42:59","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/04\/01\/mercor-reports-that-it-was-affected-by-a-cyber-attack-linked-to-the-breach-of-the-open-source-litellm-initiative\/"},"modified":"2026-04-01T01:42:59","modified_gmt":"2026-04-01T01:42:59","slug":"mercor-reports-that-it-was-affected-by-a-cyber-attack-linked-to-the-breach-of-the-open-source-litellm-initiative","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/04\/01\/mercor-reports-that-it-was-affected-by-a-cyber-attack-linked-to-the-breach-of-the-open-source-litellm-initiative\/","title":{"rendered":"Mercor reports that it was affected by a cyber attack linked to the breach of the open-source LiteLLM initiative."},"content":{"rendered":"
<\/div>\n

Mercor, an AI recruiting firm of notable reputation, has reported a security breach linked to a supply chain attack involving the open-source initiative LiteLLM.<\/p>\n

On Tuesday, the AI company informed TechCrunch that it was \u201cone of numerous firms\u201d impacted by a recent breach of the LiteLLM project, which has ties to a hacking collective known as TeamPCP. The confirmation of this breach comes as the extortion hacker group Lapsus$ claimed to have targeted Mercor and accessed its information.<\/p>\n

It is currently uncertain how the Lapsus$ group acquired the compromised data from Mercor amid TeamPCP\u2019s cyber assault.<\/p>\n

Established in 2023, Mercor collaborates with organizations such as OpenAI and Anthropic to enhance AI models by hiring specialized domain experts, including scientists, doctors, and lawyers from regions such as India. The company claims to facilitate over $2 million in daily transactions and was assessed at $10 billion following a $350 million Series C funding round led by Felicis Ventures in October 2025.<\/p>\n

Mercor representative Heidi Hagberg confirmed to TechCrunch that the firm had \u201cacted swiftly\u201d to address and resolve the security issue.<\/p>\n

\u201cWe are undergoing a comprehensive investigation aided by top third-party forensic specialists,\u201d Hagberg stated. \u201cWe will maintain open communication with our clients and contractors directly as deemed appropriate and allocate the necessary resources to address the situation as quickly as possible.\u201d<\/p>\n

Previously, Lapsus$ took responsibility for the suspected data breach on its leaking platform and provided a sample of data supposedly obtained from Mercor, which TechCrunch examined. The sample contained material related to Slack data and what seemed to be ticketing information, along with two videos allegedly depicting dialogues between Mercor\u2019s AI frameworks and contractors on its platform.<\/p>\n

\n
\n

Techcrunch event<\/p>\n

\n

\n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n

Hagberg chose not to respond to follow-up inquiries regarding whether the incident was associated with the assertions made by Lapsus$, or whether any data belonging to customers or contractors had been accessed, exfiltrated, or misappropriated.<\/p>\n

The compromise of LiteLLM initially came to light last week after malicious code was identified in a package tied to the Y Combinator-supported startup\u2019s open-source project. While the harmful code was detected and removed within hours, the event raised concerns due to LiteLLM\u2019s extensive adoption online, with the library downloaded millions of times daily, according to security firm Snyk. The occurrence also led LiteLLM to implement adjustments in its compliance measures, including a switch from the controversial startup Delve to Vanta for compliance certifications.<\/p>\n

It is still unclear how many businesses were impacted by the LiteLLM-related incident or if any data exposure took place, as investigations are ongoing.<\/p>\n","protected":false},"excerpt":{"rendered":"

<\/div>\n

Mercor, an AI recruiting firm of notable reputation, has reported a security breach linked to a supply chain attack involving the open-source initiative LiteLLM.<\/p>\n

On Tuesday, the AI company informed TechCrunch that it was \u201cone of numerous firms\u201d impacted by a recent breach of the LiteLLM project, which has ties to a hacking collective known as TeamPCP. The confirmation of this breach comes as the extortion hacker group Lapsus$ claimed to have targeted Mercor and accessed its information.<\/p>\n

It is currently uncertain how the Lapsus$ group acquired the compromised data from Mercor amid TeamPCP\u2019s cyber assault.<\/p>\n

Established in 2023, Mercor collaborates with organizations such as OpenAI and Anthropic to enhance AI models by hiring specialized domain experts, including scientists, doctors, and lawyers from regions such as India. The company claims to facilitate over $2 million in daily transactions and was assessed at $10 billion following a $350 million Series C funding round led by Felicis Ventures in October 2025.<\/p>\n

Mercor representative Heidi Hagberg confirmed to TechCrunch that the firm had \u201cacted swiftly\u201d to address and resolve the security issue.<\/p>\n

\u201cWe are undergoing a comprehensive investigation aided by top third-party forensic specialists,\u201d Hagberg stated. \u201cWe will maintain open communication with our clients and contractors directly as deemed appropriate and allocate the necessary resources to address the situation as quickly as possible.\u201d<\/p>\n

Previously, Lapsus$ took responsibility for the suspected data breach on its leaking platform and provided a sample of data supposedly obtained from Mercor, which TechCrunch examined. The sample contained material related to Slack data and what seemed to be ticketing information, along with two videos allegedly depicting dialogues between Mercor\u2019s AI frameworks and contractors on its platform.<\/p>\n

\n
\n

Techcrunch event<\/p>\n

\n

\n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n

Hagberg chose not to respond to follow-up inquiries regarding whether the incident was associated with the assertions made by Lapsus$, or whether any data belonging to customers or contractors had been accessed, exfiltrated, or misappropriated.<\/p>\n

The compromise of LiteLLM initially came to light last week after malicious code was identified in a package tied to the Y Combinator-supported startup\u2019s open-source project. While the harmful code was detected and removed within hours, the event raised concerns due to LiteLLM\u2019s extensive adoption online, with the library downloaded millions of times daily, according to security firm Snyk. The occurrence also led LiteLLM to implement adjustments in its compliance measures, including a switch from the controversial startup Delve to Vanta for compliance certifications.<\/p>\n

It is still unclear how many businesses were impacted by the LiteLLM-related incident or if any data exposure took place, as investigations are ongoing.<\/p>\n","protected":false},"author":2,"featured_media":3489008,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3489007","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489007"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3489007"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489007\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3489008"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3489007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3489007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3489007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}