
"Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors."
"Mercor told it was 'one of thousands of companies' impacted by the LiteLLM supply-chain incident, linked to TeamPCP, a hacking group. The group inserted malicious code into LiteLLM, harvesting credentials and spreading until it was discovered and removed."
"Extortion hacking group Lapsus$ has claimed responsibility for the breach. While it is not immediately clear how the group accessed the data, some speculate that TeamPCP and Lapsus$ have begun working together."
"Mercor states it moved to contain and remediate the incident upon discovery. Third-party forensics investigations have begun."
Mercor, an AI startup, announced a significant data breach involving 4 terabytes of stolen data, including Slack information, internal ticketing data, and videos of AI system conversations. The breach is connected to a supply chain attack involving LiteLLM, an open-source library. The extortion hacking group Lapsus$ claimed responsibility, with speculation about collaboration with TeamPCP, the group behind the malicious code insertion. Mercor has initiated containment and remediation efforts, along with third-party forensic investigations, to address the incident.
Read at Securitymagazine