Hacker News: Oravyshttps://news.ycombinator.com/user?id=OravysHacker News RSShttps://hnrss.org/hnrss v2.1.1Tue, 28 Apr 2026 12:35:19 +0000<![CDATA[New comment by Oravys in "4TB of voice samples just stolen from 40k AI contractors at Mercor"]]>Great point about the helpdesk vector. The LinkedIn-to-IT-reset path is a brilliant illustration of how social engineering chains work. And you're right that audio is the frontier video deepfake detection has gotten really good, lots of great tools out there. Audio is the next wave, and the teams building solutions for real-world call quality are going to unlock a massive market. Exciting space to be in.

]]>Tue, 28 Apr 2026 08:32:09 +0000https://news.ycombinator.com/item?id=47931849Oravyshttps://news.ycombinator.com/item?id=47931849https://news.ycombinator.com/item?id=47931849<![CDATA[New comment by Oravys in "4TB of voice samples just stolen from 40k AI contractors at Mercor"]]>It feels like a dead end because it's being used wrong. "Is this John's voice?" is the wrong question. "Does this call look like how John normally calls?" is way more interesting. Same device, same time of day, same way of starting a sentence. That whole pattern is much harder to fake than a voice alone. The authentication isn't dead, it just needs to grow up from a single check into a full picture.

]]>Tue, 28 Apr 2026 08:30:22 +0000https://news.ycombinator.com/item?id=47931842Oravyshttps://news.ycombinator.com/item?id=47931842https://news.ycombinator.com/item?id=47931842<![CDATA[New comment by Oravys in "4TB of voice samples just stolen from 40k AI contractors at Mercor"]]>Great question. There's no "reverse voice search" yet the way there is for images — that's genuinely a tool the world needs. In the meantime, the most useful thing is searching your name across YouTube and podcast platforms to map out what's already public. And for Mercor contractors specifically, the California AG breach notice gives you a solid legal basis to request full deletion. Worth doing today.

]]>Tue, 28 Apr 2026 08:25:49 +0000https://news.ycombinator.com/item?id=47931808Oravyshttps://news.ycombinator.com/item?id=47931808https://news.ycombinator.com/item?id=47931808<![CDATA[New comment by Oravys in "4TB of voice samples just stolen from 40k AI contractors at Mercor"]]>Author here. Wrote this after watching Lapsus$ post the Mercor archive on their leak site earlier this month. The thing that struck me is the combination: voice samples paired with ID document scans. Most breaches leak one or the other. This one ships a deepfake-ready kit. Tried to keep the writeup practical: what an attacker can actually do with this combo (banking voiceprint bypass, Arup-style video calls, insurance fraud), and a 5-step checklist for the contractors who were in the dump.

  Happy to discuss the forensic detection side. AudioSeal
  watermarks, AASIST anti-spoofing, and how the detection landscape changes
  once voice biometrics start leaking at scale.

]]>Mon, 27 Apr 2026 10:02:01 +0000https://news.ycombinator.com/item?id=47919660Oravyshttps://news.ycombinator.com/item?id=47919660https://news.ycombinator.com/item?id=47919660<![CDATA[4TB of voice samples just stolen from 40k AI contractors at Mercor]]>Article URL: https://app.oravys.com/blog/mercor-breach-2026

Comments URL: https://news.ycombinator.com/item?id=47919630

Points: 559

# Comments: 211

]]>Mon, 27 Apr 2026 09:57:10 +0000https://app.oravys.com/blog/mercor-breach-2026Oravyshttps://news.ycombinator.com/item?id=47919630https://news.ycombinator.com/item?id=47919630