E don happen o! Big tech company Meta don pause all their work with one AI recruitment startup wey dem dey call Mercor. Na after Mercor suffer data breach wey hackers carry away plenty sensitive information. The breach happen last week, and e don cause plenty wahala for the startup wey dey worth $10 billion.
Mercor na company wey dey hire experts to help train AI models for big tech companies. Dem dey handle secret data sets and processes wey companies like Meta dey use to teach their artificial intelligence systems. Na why this breach dey serious pass.
According to reports wey come out, hackers manage to collect up to 4TB of data from Mercor system. Wetin dem carry include candidate profiles, personal information of people, employer data, source code, and even API keys. More serious na say face and voice biometrics of people dey among the stolen data.
Reality Defender CEO Ben Colman warn say this incident fit lead to wave of deepfake fraud. When criminals get people face and voice data, dem fit create fake videos and audio wey go look like the real person. Na serious matter for identity security.
Meta, wey be one of Mercor biggest clients, don pause all contracts with the startup indefinitely. Sources tell Wired say the social media giant no go continue working with Mercor until the matter settle. But Mercor decline to comment on this particular issue.
Interesting part na say OpenAI, another big AI company, say dem dey investigate their own exposure in the breach. But dem no pause their contracts with Mercor yet. TechCrunch hear say other large model makers dey consider whether to continue working with Mercor or not.
The breach happen through one popular open source tool wey dem dey call LiteLLM. This tool dey downloaded millions of times every day. For 40 minutes, the tool carry credential harvesting malware wey steal login details. Those stolen credentials then help hackers enter more software and accounts.
Five of Mercor contractors don file lawsuits over their personal data wey expose. Business Insider report say these contractors claim say their information dey among the stolen data. Mercor decline to comment on the lawsuits too.
One lawsuit even name LiteLLM and one compliance startup wey dem dey call Delve as defendants. The connection na say LiteLLM use Delve to get security certifications. But Delve don face allegations say dem fake data for security certifications. Delve deny the allegations but Y Combinator don cut ties with them.
LiteLLM don drop Delve and dey work with another AI compliance startup to get new security certifications. LiteLLM also publish complete report on the security incident. Mercor confirm say dem no be Delve customer.
Before this breach, Mercor dey fly high. Six months ago, dem raise $350 million Series C wey value the company at $10 billion. Anonymous source tell The Information say Mercor dey on pace to hit over $1 billion in annualized revenue this year before the data leak happen.
Even after Meta spend $14.3 billion on Mercor competitor Scale AI, dem still continue working with Mercor. This show how important Mercor work dey for Meta AI ambitions. But now the breach don shake everything.
The timing no good at all. Just as biometrics dey become more common for everyday things like phone unlocking and bank verification, this kind breach dey show the risks wey dey. Deepfake tools dey become stronger, and when criminals get real biometric data, dem fit do plenty damage.
For now, Mercor say dem dey investigate the breach and go continue to communicate with their customers and contractors. Dem promise to devote resources necessary to resolve the matter as soon as possible. But the damage don dey show already.
Do you have a news tip for NNN? Please email us at editor @ nnn.ng
