AI recruiting firm Mercor hit by data breach
AI recruiting company Mercor revealed it was affected by the recent LiteLLM supply chain attack, in which hackers claimed to have stolen 4 terabytes of data.
The incident, which occurred on March 27, stemmed from a Trivy supply chain compromise a week earlier, News.Az reports, citing foreign media.
LiteLLM reported that the breach originated from a compromised maintainer’s credentials used in their CI/CD security scanning workflow.
The hacking group TeamPCP released two malicious LiteLLM PyPI package versions—1.82.7 and 1.82.8—available for about 40 minutes. These packages were likely automatically downloaded by thousands of organizations, including Mercor, due to LiteLLM’s presence in an estimated 36% of cloud environments.
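For teams checking their own exposure to the two versions named above, the following is an added example, not code from the article or from the LiteLLM project. It classifies `requirements.txt` or `pip freeze` lines as pinned to an affected release, floating in a way that admits one, or unaffected. The function names and sample lines are constructed, and only plain numeric version specifiers are handled.

```python
import re

# The two releases the article names as malicious; all other names here are illustrative.
PACKAGE, BAD_VERSIONS = "litellm", ("1.82.7", "1.82.8")
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#\\]*)")
SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9]+(?:\.[0-9]+)*)(\.\*)?")

def _admits(op, bound, wild, candidate):
    """True if the specifier `op bound` allows `candidate` (numeric releases only)."""
    b = [int(p) for p in bound.split(".")]
    c = [int(p) for p in candidate.split(".")]
    if wild:  # ==1.82.* or !=1.82.* is a prefix match
        return (c[:len(b)] == b) == (op != "!=")
    width = max(len(b), len(c))
    bp, cp = b + [0] * (width - len(b)), c + [0] * (width - len(c))
    if op == "~=":  # compatible release: at least bound, same leading components
        return cp >= bp and c[:len(b) - 1] == b[:-1]
    return {"==": cp == bp, "===": cp == bp, "!=": cp != bp, "<": cp < bp,
            "<=": cp <= bp, ">": cp > bp, ">=": cp >= bp}[op]

def check_line(line):
    """Classify one requirements.txt / pip-freeze line; None if it is not litellm."""
    m = REQ.match(line.strip())
    # PEP 503 name normalization, so LiteLLM and litellm compare equal
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    specs = SPEC.findall(m.group(2))  # extras, markers, hashes, comments are excluded
    hits = [v for v in BAD_VERSIONS
            if all(_admits(op, b, wild, v) for op, b, wild in specs)]
    if not hits:
        return "ok"
    pinned = any(op in ("==", "===") and not wild for op, _, wild in specs)
    return "pinned-malicious" if pinned else "floating-admits-malicious"

def scan(text):
    """Return [(line_number, status)] for every litellm requirement in text."""
    found = ((n, check_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, status) for n, status in found if status]

# Constructed sample lines (as if gathered from several files), not from a real project.
SAMPLE = """\
# constructed sample
requests==2.31.0
LiteLLM[proxy]==1.82.7 \\
    --hash=sha256:<placeholder>
litellm>=1.80,<1.83 ; python_version >= "3.9"
litellm==1.82.6
litellm>=1.82,!=1.82.7,!=1.82.8
litellm
"""

if __name__ == "__main__":
    for n, status in scan(SAMPLE):
        print(n, status)
```

A `floating-admits-malicious` result only means the specifier would have allowed an affected release; whether one was actually installed depends on what was resolved while the packages were available, so the installed version or lock file still has to be checked.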
Mercor stated on Wednesday, “We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM,” confirming its exposure to the breach.
“Our security team moved promptly to contain and remediate the incident. We are conducting a thorough investigation supported by leading third-party forensics experts,” Mercor added.
While the company has not shared details on the impact, the Lapsus$ extortion group listed Mercor on its leak site on Monday, claiming the theft of over 4TB of data.
Lapsus$ is auctioning the information, which allegedly includes candidate profiles, personally identifiable information, employer data, user accounts and credentials, video interviews, proprietary information, source code, keys and secrets, and TailScale VPN data.
By Nijat Babayev





