
Meta has “indefinitely” paused all work with AI recruiting startup Mercor after a breach that attackers claim exposed several terabytes of data.
Two sources confirmed the news to WIRED, adding that the pause is indefinite. Contractors who depended on those Meta projects cannot log hours unless and until the projects resume, which could effectively mean they’re out of work. Internal conversations reviewed by WIRED suggest that the company is looking for additional projects for those affected.
Mercor contractors have reportedly not been told why their Meta projects were being paused.
Several other AI labs are also re-evaluating their relationship with Mercor as it investigates the incident, said people familiar with the matter.
The $10 billion AI startup Mercor supplies major AI companies like OpenAI, Meta, and Anthropic with specialized contractors to train and evaluate AI models. However, details about the specific projects and tasks involved are rarely disclosed amid heightened competition between tech giants.
A spokesperson told WIRED that OpenAI is investigating how its proprietary training data may have been exposed in the breach, adding that no user data has been affected. OpenAI has not paused its projects with Mercor.
On March 31st, Mercor confirmed the breach in a staff email: “There was a recent security incident that affected our systems along with thousands of other organizations worldwide.”
The company said it was impacted by a supply chain attack involving LiteLLM, a popular Python library used by AI developers, which was recently infected with credential harvesting malware. An attacker known as TeamPCP took credit for the breach, alleging it accessed 300GB of data from over 500,000 compromised systems.
The Lapsus$ hacker group claimed the Mercor attack, saying it accessed four terabytes of the company’s data, including an unnamed database weighing over 200GB and a 3TB drive containing video and verification data.
Our research team attempted to investigate attacker claims, but at the time, the data was inaccessible.
The incident hints at a potential collaboration between TeamPCP and Lapsus$. TeamPCP earlier said it would partner with major illicit forums and ransomware gangs, planning to send invites to over 300,000 registered forum users to become ransomware affiliates.