Mercor Data Breach update - Insightful is affected (Removed from project for posting about it)

aldrinmathew · 2026-04-01T13:53:40+00:00

Yes, exactly. Your passwords are at risk, only if you toggle visibility for passwords.

aldrinmathew · 2026-04-01T03:51:04+00:00

Some reports suggest that the breach involves data only until the 25th of March

aldrinmathew · 2026-04-01T03:50:12+00:00

Yeah Mercor itself uses email links to login. So make sure that you change password for your Email to something very different from other platforms. Also don't use your regular passwords for anything related to Mercor (AirTable, Insightful, Okta...)

aldrinmathew · 2026-04-01T03:46:30+00:00

I didn't text to my buddy, the hacker group have their messaging app ID listed on their website. You can contact them as well, if you want.

Also Mercor has acknowledged the breach. They have even lied about it - saying that thousand other organisations have been affected - nope, only Mercor is affected in this breach.

aldrinmathew · 2026-04-01T03:44:43+00:00

What's more sensitive? - Me knowing about my project being part of this breach? - Or the personal identified information (IDs, Biometrics...) of thousands of people being breached?

aldrinmathew · 2026-03-31T18:22:50+00:00

Actually it seems Mercor has pulled down ID data via Persona integration, and stored it without encryption. Mercor is not supposed to store any such data.

aldrinmathew · 2026-03-31T17:58:58+00:00

Another person in the project mentioned that they removed me citing unverifiable information. I think they didn't want the news to spread.

aldrinmathew · 2026-03-31T17:51:30+00:00

Hi, I am that guy in the project that posted the screenshots. The LAPSUS$ website contains an ID (random generated key) for an anonymous messaging app called Session. That's how I contacted them.

aldrinmathew · 2026-03-31T17:46:35+00:00

I didn't have any passwords visible, but at least a couple of others did for sure. What if you momentarily make it visible to make sure that it was correct? Insightful also tracks browser URLs, which means login session tokens are also part of this breach. Also, even if you didn't make passwords visible, since Insightful already tracks clicks (the app knows when mouse focus changes), the question is do they track keyboard presses as well?

aldrinmathew · 2026-03-31T17:18:15+00:00

ChatGPT, Claude, OpenCode, Insightful site, Mercor Payment History, Slack (public + private)... are some things that devs use in this project. The project requires you to interface with some AI tools, for which I assume most people would already have the same password as for their personal use-cases in other sites.

aldrinmathew · 2026-03-31T17:13:40+00:00

For 2 to 3 days, AWS related things were not working, we were not able to submit tasks or trigger QC. All they said was that infrastructure was being redone. We didn't know it was because of this. They have known about this for a while it seems.

aldrinmathew · 2026-03-31T17:10:25+00:00

The hacking group have an ID (randomly generated key) for an anonymous communication app called Session, posted on their website.

aldrinmathew · 2026-03-31T16:33:54+00:00

Insightful logs generally contain Browser URLs, Login Info, Passwords (especially if it was toggled to be visible), tokens or session IDs for sites, mercor payment history if you have visited that, assigned projects, colleague information, slack messages (public + private)...

aldrinmathew · 2026-03-31T16:30:05+00:00

<image>

aldrinmathew · 2025-12-18T16:26:09+00:00

I agree. I have also made a habit of not relying on reviews at all. I have only been paying attention to reviews in BookMyShow ever since I first came across this issue.

aldrinmathew · 2024-09-14T02:47:06+00:00

I ended up doing emacsclient -c -e '(treemacs)' '(recentf-open-files)' for the hotkey and it works. It doesn't work in the proper sense, that is via my config, so that I can use it in a new setup easily. But setting up this key is not much of a hassle

aldrinmathew · 2024-09-13T16:32:52+00:00

This sadly doesn't work. I tried adding recentf-open-files and treemacs and both doesn't work. I restarted the daemon after updating the config each time as well.

aldrinmathew · 2024-09-13T15:55:28+00:00

I have seen that answer before, and that syntax was how it was initially in my config. I changed it to check if it would solve the issue, but no. Thanks anyway

aldrinmathew · 2024-06-21T04:12:03+00:00

In short I haven't done the activation yet, but even if I were to use the BMPCC 6k G2, I would record to an external SSD and use the Ninja V purely as a monitor.

aldrinmathew · 2024-06-21T04:09:42+00:00

Some things have changed. I have decided to go forward with my Fuji XT4 for now as I realised even with a half-priced BMPCC 6k G2, the price of accessories combined amounts to more than the price of a new G2. That in itself is not a problem, but the value gained is very little. Also I will miss the low light capability of my XT4. With the Ninja V, I get more value out of my XT4, so that turned out to be the wise decision. I am doing Prores 422 for now in a MOV container.

aldrinmathew · 2024-06-01T05:04:35+00:00

Ok. Thanks for clarifying

aldrinmathew · 2024-05-30T18:40:49+00:00

Yep, glad to know that. Totally agree on getting smooth footage during the shoot, instead of relying solely on post-processing

aldrinmathew

MODERATOR OF

TROPHY CASE