Yes, Mercor Got Hacked. No, You Shouldn't Stop Using It.
After the Mercor Data Breach: Your Questions, My Answers
You’ve probably seen the headlines. On March 31, Mercor, the AI hiring platform I’ve been earning on for over six months, confirmed a major data breach. The hacking group LAPSUS$ claimed responsibility, saying they exploited a vulnerability in Mercor’s VPN infrastructure and walked away with roughly 4TB of data: source code, AI interview recordings, Slack logs, and potentially contractor banking and tax information.
Y Combinator CEO Garry Tan called it “a major national security issue” on X. Reddit threads on r/mercor_ai blew up overnight. The stolen data is reportedly being auctioned on the dark web.
I am not going to sugarcoat this. It is a serious incident.
But here is what I will say after six months on the platform, earning over $37k and ranking in the top 10% of contributors:
Mercor is still one of the best ways to make real money with your expertise, from anywhere in the world. Breaches happen to companies of every size. Remember the Microsoft, LastPass, and even the National Public Data incidents? What matters now is how Mercor responds, and whether the fundamentals of the opportunity have changed. They have not. AI labs still desperately need human experts for training data, and the pay still reflects that urgency.
If you are already on the platform, change your passwords immediately, enable two-factor authentication, and monitor your bank accounts closely over the next few months. If you are thinking about joining, do not let one security event scare you away from a genuinely transformative income stream.
And while we are on the topic, I want to encourage you to keep an open mind about the broader ecosystem. Mercor is excellent, but it is not the only game in town. Platforms like Micro1 and Surge AI offer similar opportunities connecting domain experts with AI labs. Diversifying across multiple platforms is smart for both income stability and risk management, especially in moments like this.
Now let me answer the questions I have been getting most from readers.
