The hacking group Lapsus$ has put Mercor's platform data up for auction on the dark web, where interested buyers can "make an offer." Threat actors say they stole the whole 4-terabyte dataset by breaking into the company's Tailscale VPN This article explores breach shows hackers. .

The leak of sensitive KYC documents and internal AI source code is a big security risk for both the $10 billion platform and its many users. Mercor is a very successful AI recruitment platform that makes more than $500 million a year. It connects domain experts with big companies like OpenAI and Anthropic. The startup pays out more than $2 million every day, but now it has a lot of operational risks because its contractors' personal information is out there.

The company said that the breach happened because a lot of people attacked LiteLLM, an open-source routing library, in the supply chain. We want to make it clear that we will always protect the privacy and safety of our clients and contractors. Our security team acted quickly to contain and lessen the damage from the breach that happened on March 31, 2026.

The breach shows that more and more hackers are using weaknesses in the upstream supply chain to get to huge corporate datasets downstream. LinkedIn and X.Org send out daily cybersecurity tips to keep you up to date. If you want to tell us your story, get in touch with us. For more tips and stories about cybersecurity, keep an eye on X.org and LinkedIn.