Mercor says it was hit by cyberattack tied to compromised LiteLLM
136 points by jackson-mcd
by nope1000
1 subcomment
> The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.
This is pretty funny.
The leaked Excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds.
by CafeRacer
3 subcomments
I genuinely wonder if anyone has had success landing gigs at Mercor.
by robshippr
2 subcomments
Second major supply chain compromise in a week after the axios npm attack. 40 minutes and 500k machines affected. SOC2 won't catch this. The real question is whether your CI pipeline would have flagged a dependency change that happened between your last build and the one going to prod. Most teams have no visibility into that window at all.
by sharadov
1 subcomments
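A minimal version of the check sharadov describes, as an added example that is not from the thread or from LiteLLM: diff the lockfile behind the last green build against the one about to ship and fail the pipeline on any added, removed, re-versioned or re-hashed pin. The lockfiles, package names, versions and hashes below are constructed placeholders.

```python
import re

# Constructed sample lockfiles in pip's "name==version --hash=sha256:..." form;
# names, versions and hashes are placeholders, not real packages or artifacts.
LAST_GREEN_BUILD = f"""
alpha-lib==1.2.3 --hash=sha256:{'a' * 64}
beta-lib==4.0.1 --hash=sha256:{'b' * 64}
"""
PROD_CANDIDATE = f"""
alpha-lib==1.2.3 --hash=sha256:{'c' * 64}
beta-lib==4.0.2 --hash=sha256:{'b' * 64}
gamma-lib==0.1.0 --hash=sha256:{'d' * 64}
"""

PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>[^\s\\]+)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")

def parse_lock(text):
    """Return {normalized name: (version, frozenset of sha256 hashes)}; hashes
    may sit on the pin line or on pip-compile style continuation lines."""
    pins, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := PIN_RE.match(line):
            current = m.group("name").lower().replace("_", "-")
            pins[current] = (m.group("version"), set())
        if current:
            pins[current][1].update(HASH_RE.findall(line))
    return {n: (v, frozenset(h)) for n, (v, h) in pins.items()}

def dependency_drift(previous, candidate):
    """List (name, kind, detail) for every pin that differs between lockfiles."""
    before, after = parse_lock(previous), parse_lock(candidate)
    findings = []
    for name in sorted(set(before) | set(after)):
        if name not in before:
            findings.append((name, "added", after[name][0]))
        elif name not in after:
            findings.append((name, "removed", before[name][0]))
        else:
            (v0, h0), (v1, h1) = before[name], after[name]
            if v0 != v1:
                findings.append((name, "version-changed", f"{v0} -> {v1}"))
            elif h0 != h1:
                # Same version, different artifact: only the hash pin catches this.
                findings.append((name, "hash-changed", v1))
    return findings

if __name__ == "__main__":
    # An empty findings list is the only result that should let the build ship.
    for finding in dependency_drift(LAST_GREEN_BUILD, PROD_CANDIDATE):
        print("%-10s %-16s %s" % finding)
```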
Could not have happened to a more usurious company.
by n1tro_lab
0 subcomments
The malicious LiteLLM versions were live for 40 minutes. Wiz estimates 500,000 machines were affected. LiteLLM is present in 36% of cloud environments. Forty minutes was enough.
by cat-whisperer
1 subcomment
All leaks are tied together.
by aservus
3 subcomments
This is a good reminder that any tool handling sensitive data — even internal ones — needs to be transparent about where data goes. The assumption that SaaS tools protect your data is getting harder to defend.