4TB of voice samples just stolen from 40k AI contractors at Mercor

Posted by Oravys 1 day ago

4TB of voice samples just stolen from 40k AI contractors at Mercor(app.oravys.com)

570 points | 215 commentspage 3

amarcheschi 1 day ago|

I've been doing similar things on a different platform because as a uni student the pay is kinda nice, but I limit myself to task without voice/video and just input from mouse/keyboard to do reinforcement learning/data tagging. No way I'm trusting these companies or the companies they contract the work with

AntiUSAbah 23 hours ago||

I'm curious: if i create an online sample from my voice, might this make it a lot harder for an AI model to identify me if every trainingdata contains my particular voice sample?

throwaway67743 21 hours ago||

I saw the red flags immediately when I stumbled across them a year ago maybe. I'm really not surprised.

hedora 23 hours ago||

Isn’t this going to immediately become daily news?

Half the time I call a company they say “we are recording your voice for security / authentication purposes”.

The companies that do that have all the information on me that they require for me to set up an account, so their data breaches will be just like this one, but 1000x larger.

Can we just fast forward through the part where this works for ID theft, past the firefox age verification plugin that uses these datasets, and even through the part where people in the plugin dataset are digital outcasts (this voice has been used too many times. Want to try another?)

At the end of this dark predictable tunnel, maybe there will be a ban on biometrics for important stuff, a repeal of the age verification laws, and actual privacy legislation with teeth.

AtNightWeCode 22 hours ago||

Where I live there was a common scam to manipulate voice recordings from phone calls. I was very careful back then with phone calls when I ran my own business. Like 15 years ago. Kinda crazy that any service would use voice recognition today as stated.

josefritzishere 1 day ago||

This kind of event is the best argument against needless data hoarding. But it would help if the law better provided for some kind of consequences for negligence.

gyanchawdhary 19 hours ago||

im the founder of a company that runs deepfake phishing simulations for enterprises, so biased on this one .. but the operational thing the piece misses is that this is the first widely circulated dump where voice, govt ID and selfie all came from the same onboarding session i.e. most enterprise call center auth still treats those as 3 independent factors ..

The scarier piece is that an attacker pulls a contractor from the dump, finds their employer on linkedin, then calls that companys IT helpdesk for a password reset with the cloned voice.

Fwiw we put up a free realtime face swap demo a while back at https://www.callstrike.ai/deepfake-security-training .. worth a look if you want to actually feel how trivial this has gotten.

Oravys 6 hours ago|

Great point about the helpdesk vector. The LinkedIn-to-IT-reset path is a brilliant illustration of how social engineering chains work. And you're right that audio is the frontier video deepfake detection has gotten really good, lots of great tools out there. Audio is the next wave, and the teams building solutions for real-world call quality are going to unlock a massive market. Exciting space to be in.

squirrelon 22 hours ago||

40k people are not under thread, I am getting AI contractor job offers every month on UpWork, I am glad I haven't accepted more than one as it is just not worth to do.

jacquesm 1 day ago|

You could have seen this coming a mile away. So far I have gotten away with never uploading my ID and/or interacting with one of those companies (though one idiot working for some VC thought it was ok to sign a document on my behalf by uploading my signature!!, never mind a bit of fraud) but it is getting harder and harder. Banks and in some cases even governments forcing you to send data to these operators is a very bad idea. But hey, who ever got hurt by some security theater?

I've had to open a bank account for a company here a few years ago and that was right on the bubble of this happening and they still had an option to come by in person with the proper documentation, which I did, now it is all outsourced.

These companies are the fattest targets and they're run by incompetents. You should assume that anything you give them will eventually be part of some hack.

hiccuphippo 1 day ago||

Why is the ID a hidden secret that can be used for anything regarding security in the first place?

jacquesm 23 hours ago||

Because historically that's how it worked, but officials just looked at the document and verified that it was the real thing. Then photocopiers came along and it became normalized to take copies of the documents. Then digital copies happened and that changed things completely when coupled with networking technology. What the officials in charge don't seem to understand is that by making digital copies in networked environments the IDs themselves lost their value completely, after all if the digital copy serves any purpose at all as a stand-in for the original then they have become that original.

Schlagbohrer 1 day ago||

Tell us more about that fraud story! Was the person your attorney or accountant? Or just some "smart" person who decided to wisely save time by doing fraud?

jacquesm 23 hours ago||

It was a fund administrator. I still find it unbelievable that they would so casually do this. And yes, they thought they were very smart... and helpful too...

More comments...