4TB of voice samples just stolen from 40k AI contractors at Mercor (app.oravys.com)

In a significant data breach, an extortion group known as Lapsus$ has leaked approximately 4TB of voice samples belonging to 40,000 contractors associated with AI training firm Mercor. These voice samples were collected as part of a rigorous onboarding process that included the submission of government-issued ID documents, webcams, and professional audio recordings. This particular breach stands out as it combines both voice biometrics and personal identification, presenting unique risks for identity theft and fraud, especially with high-quality voice cloning tools now readily accessible. The leaked data has serious implications for security, as attackers can leverage synthetic voice technology for activities such as bypassing bank security measures that utilize voiceprints, committing fraud through impersonation, and executing deepfake scams. In a world where voice is increasingly used for identity verification, the availability of both clean audio samples and verified identities drastically enhances the effectiveness of phishing attempts. The situation urges those affected to audit their audio footprint, implement verbal codewords with trusted contacts, and reconsider their use of voice-based verification with institutions. Resources such as ORAVYS are available for free forensic checks of voice samples to help victims assess their exposure.