Meta · Wired
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
◌ Single Source
Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED.
Key facts
- In a Telegram account and on a BreachForums clone, the actor offered to sell an array of alleged Mercor data, including a 200-plus GB database, nearly 1 TB of source code, and 3 TBs of video
- Mercor confirmed the attack in an email to staff on March 31
- TeamPCP is definitely financially motivated,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware
- An attacker known as TeamPCP appears to have recently compromised two versions of the AI API tool LiteLLM
Summary
Mercor is one of a few firms that OpenAI, Anthropic, and other AI labs rely on to generate training data for their models. While OpenAI has not stopped its current projects with Mercor, it is investigating the startup’s security incident to see how its proprietary training data may have been exposed, a spokesperson for the company confirmed to WIRED. Mercor confirmed the attack in an email to staff on March 31. A Mercor employee echoed these points in a message to contractors on Thursday, WIRED has learned.