April 3, 2026 // Data Leak | #LiteLLM #Supply Chain Attack #Lapsus$

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data - Hackread

AI firm Mercor confirmed a breach stemming from a supply chain attack on the open-source LiteLLM PyPI package, in which attackers published malicious versions after compromising maintainer credentials. The incident led to the alleged theft of 4TB of sensitive data, including candidate profiles, PII, source code, and API keys, which the Lapsus$ extortion group subsequently listed.

