Mercor breach exposes 4TB voice samples from 40k AI contractors
Original: 4TB of voice samples just stolen from 40k AI contractors at Mercor
Why This Matters
First major breach combining voice biometrics with verified identity documents, enabling sophisticated voice cloning fraud
Extortion group Lapsus$ leaked 4TB of voice biometrics and ID documents from 40,000 Mercor AI contractors on April 4, 2026. The breach combines clean voice recordings with government IDs, enabling sophisticated voice cloning attacks.
The Mercor breach represents a new threat combining voice biometrics with identity documents. Contractors provided passport/license scans, webcam selfies, and 2-5 minute studio-quality voice recordings for AI training data labeling. Five lawsuits were filed within ten days, claiming deceptive biometric collection practices. The stolen data enables multiple attack vectors: bank verification bypass using voice clones, payroll redirection via impersonated employee calls to HR, deepfake video calls for financial fraud, and insurance claim scams. High-quality voice cloning now requires only 15 seconds of clean audio according to Wall Street Journal reporting, while Mercor recordings average 2-5 minutes per contractor.