Overview
- Meta paused its projects with Mercor while it reviews the breach, a step reported by WIRED and Business Insider that has left some contractors on Meta work unable to log hours.
- OpenAI said it is continuing its Mercor projects but is investigating whether any of its proprietary training data was exposed.
- Mercor said it was one of thousands affected by a LiteLLM compromise and brought in third-party forensics after moving to contain the incident.
- The extortion group Lapsus$ claimed it is selling roughly 4 TB of Mercor data, but researchers and the company have not verified the scope or authenticity.
- Security teams link Mercor’s breach to a broader TeamPCP operation that first hit the Trivy scanner and briefly pushed malicious LiteLLM PyPI releases, a chain researchers say enabled rapid credential theft and widespread downstream access.