On April 4, the extortion group Lapsus$ posted a 4 TB dump from AI‑training platform Mercor on its leak site. The archive contains voice recordings and scanned government IDs for more than 40,000 contractors who performed labeling, reading passages, and verification calls. Analysts say the combination of clean audio and verified identity data creates a perfect feed for synthetic‑voice services.

Typical voice leaks involve either raw call recordings without personal IDs or document dumps lacking audio. Mercor’s onboarding process required a passport or driver’s license scan, a webcam selfie, then a reading of prompts, storing all three in a single row. With average clips of two to five minutes, attackers exceed the fifteen‑second threshold needed for high‑quality cloning, pairing each clone with a legitimate ID.

Armed with a convincing voice and a government ID, criminals can bypass bank voice‑print checks, execute vishing scams against employers, and forge deep‑fake video calls that have moved millions. Victims should audit public audio, replace voice‑print enrollments, and set up verbal passphrases with contacts. ORAVYS now offers free forensic analysis of up to three suspect samples for anyone listed in the Mercor breach.