The IT Nerd

As first reported by Wired on Friday, Meta has paused all work with AI data startup Mercor following a confirmed security breach linked to a supply chain attack involving the LiteLLM open-source project, which impacted thousands of organizations globally.

Mercor, which provides proprietary training data to major AI companies including Meta, OpenAI, and Anthropic, said it was among those affected and has launched an investigation with third-party forensic experts.

The breach raised concerns about potential exposure of sensitive AI training data and internal datasets, which are used to develop and fine-tune large language models. Reports indicate that Mercor’s systems were impacted as part of a broader compromise involving malicious updates to widely used AI tooling, though it remains unclear what specific data was accessed.

Michael Bell, Founder & CEO, Suzu Labs had this comment:

   “The Mercor breach is what happens when the companies building the most valuable AI models in the world outsource the creation of their training data to vendors running on Airtable and shared passwords. A single poisoned open-source package gave attackers VPN credentials, and from there they walked through Mercor’s systems and took 4TB of proprietary datasets, source code, and contractor PII.

   “We’ve been investigating these AI data vendors for months and found the same structural failures at Sama, Teleperformance, Scale AI, and Cognizant we see unrotated credentials, info-stealer infections on contractor endpoints, and access controls that don’t exist. The training data behind every major frontier model is sitting inside vendors that wouldn’t pass a basic security audit, and now that data is on an extortion site. This is a national security problem dressed up as a vendor management failure.”

Lydia Zhang, President & Co-Founder,Ridge Security Technology Inc. adds this comment:

   “This incident alerts us that AI training data should be treated as critical infrastructure, subject to stricter security scrutiny and regulation.

   “The breach also underscores the risks of relying directly on open-source projects in enterprise environments. Supply chain attacks, like the compromised LiteLLM library in this case, can introduce vulnerabilities at scale and expose highly sensitive data. 

   “At a minimum, enterprises should adopt thoroughly tested and commercially supported versions of such components, with stronger security guarantees and accountability.”

Noelle Murata, Sr. Security Engineer, Xcape, Inc. provided this comment:

   “Meta’s indefinite suspension of its partnership with Mercor underscores how the AI industry’s rush to outsource training data has effectively liquidated billions in proprietary methodology. By allowing a poisoned version of the LiteLLM gateway (versions 1.82.7 and 1.82.8) to persist in their environment, Mercor gifted attackers 4 TB of data, including the precise “secret sauce” protocols Meta and OpenAI use to tune their models.

   “This was not a sophisticated zero-day; it was a basic supply chain failure where a compromised security scanner (Trivy) was used to poison a niche dependency that nobody bothered to pin. For anyone surprised that an autonomous, interconnected AI stack would eventually expose sensitive data to the internet, the lesson is clear. 

   “If you are not auditing your data vendors for basic dependency hygiene, your IP is already public property. Defenders must immediately scan for litellm_init.pth files, which provide stealthy persistence on every Python startup, and rotate all LLM provider API keys and cloud tokens. Protecting training integrity now requires treating every AI data broker as a high-risk production endpoint and enforcing strict, pinned Software Bill of Materials (SBOM) standards.

   “If your AI supply chain is this leaky, you are not training a model; you are just broadcasting a technical manual to Lapsus$.”

Supply chain vulnerabilities are real. If your organization doesn’t take them seriously, your organization will get pwned. It’s as simple as that. And you can double that if AI is involved.

A recent incident at Meta shows how an AI agent provided guidance that led an engineer to unintentionally expose a large amount of sensitive internal data to employees for a short period of time.

While Meta confirmed the issue was contained and no external data was mishandled, the episode highlights a broader risk as AI agents become embedded in engineering workflows. These systems aren’t just generating suggestions, they’re influencing real actions inside environments that handle sensitive data.

Gidi Cohen, CEO & Co-founder, Bonfy.AI

“Meta’s incident is exactly what happens when you let agents loose on sensitive data without any real data-centric guardrails. This wasn’t some exotic AGI failure, it was a very simple pattern: an engineer asked an internal agent for help, the agent produced a “reasonable” plan, and that plan quietly exposed a huge amount of internal and user data to people who were never supposed to see it.

The problem is that neither the engineer nor the agent had any persistent notion of “who actually should see this data” beyond whatever happened to sit in a narrow context window at that moment. Traditional controls don’t help much here. Endpoint DLP, CASB, browser controls, even basic role-based permissions, none of them are watching the actual content as it moves through an agent’s reasoning steps and tool calls, especially when the agent is running as a system service in some framework.

Our view is simple: treat agents like very fast, very forgetful junior interns and make the data security layer smart enough to compensate. That means three things: constrain what data is even available to the agent via contextual labeling and grounding; give the agent a Bonfy MCP tool it can call inline to ask “is this safe to use or send in this context?” before it takes an action; and inspect what ultimately comes out of the workflow before it lands in email, chat, dashboards, or internal portals. In a Meta-style scenario, those controls would have either prevented the broad internal exposure entirely or at least shrunk the blast radius to something manageable.

As organizations “experiment at scale” with agents, the only sustainable path is to make agents first-class entities in the risk model and put the intelligence where it belongs: on the data that’s being read, composed, and shared, not just on the configuration screens of yet another AI tool.”

The thing is that when you expose AI anything to sensitive data, it can get out there. Samsung banned AI usage for that reason. Keep that in mind if you’re an organization that uses AI

People often ask my why I refuse to have a Facebook account. Or why I killed my Instagram account a few years ago. As well as why I haven’t got onto Threads. The answer is pretty simple. Meta, the company that owns all of those platforms are pretty evil and simply can’t be trusted. Here’s today’s example of why they can’t be trusted:

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo.

On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.

The newly released documents reveal how Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

One of the documents details Facebook’s Project Ghostbusters. The project was part of the company’s In-App Action Panel (IAPP) program, which used a technique for “intercepting and decrypting” encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon, the consumers’ lawyers wrote in the document.

The document includes internal Facebook emails discussing the project.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

If some of that sounds familiar, it should as I’ve written about Onavo before. But here’s the bottom line. Even for Meta, that’s a new low. And it illustrates how untrustworthy Mark Zuckerberg and Meta are. They clearly will stop at nothing to grab as much information about you as they can so that they can find new ways to make money. I for one refuse to be the product. Thus you will not see me use a Meta product for that reason. Meta is a company that needs some government intervention in the US because it’s clear from this example and others that they will not alter their behaviour unless they are forced to.

Business Today is reporting Meta files lawsuit against former VP over alleged data breach: Report. The complaint, filed on February 29 in California state court in Contra Costa County, asserts that Khurana illicitly transferred these documents to his personal Google Drive and Dropbox accounts just prior to his departure from Meta. Here’s the news brief:

Meta has initiated legal action against one of its former vice presidents, accusing him of a ”stunning” act of betrayal after he defected to an undisclosed AI cloud computing startup, as reported by Bloomberg.

Dipinder Singh Khurana, also known as T.S. Khurana, had been at Meta for 12 years, ascending to a senior position as VP of infrastructure. However, Meta alleges that Khurana breached his contract by absconding with a cache of proprietary, highly sensitive, and confidential documents relating to Meta’s business operations and personnel.

The complaint, filed on February 29 in California state court in Contra Costa County, asserts that Khurana illicitly transferred these documents to his personal Google Drive and Dropbox accounts just prior to his departure from Meta. Meta contends that Khurana’s actions were not only disloyal but also had tangible repercussions, as at least eight employees listed on the pilfered documents subsequently left Meta to join Khurana’s new venture last year.

“Khurana’s conduct while leaving Meta, and since then, reflects an utter disregard for his contractual and legal obligations,” the lawsuit states. A spokesperson for Meta told Bloomberg that the company ”takes this kind of egregious misconduct seriously” and will ”continue working to protect confidential business and employee information.”

Troy Batterberry, CEO, EchoMark had this comment:

   “Insider threats represent a significant and growing challenge for organizations, as made clear by the recent case involving an accused former Meta executive. The taking of confidential and proprietary information is not an uncommon situation, especially within enterprises and adequately protecting proprietary information and intellectual property is a prominent issue. The stark reality of what businesses face today regarding data security and insider threats highlights the need to safeguard sensitive information against unauthorized transfers. 

   “Whether or not there’s a breach of legal contract, the misconduct is a blatant misuse of privileged access and a breach of professional expectations and conduct. Actions that involve unauthorized sharing of sensitive information not only breach trust but also undermine the very foundation of an organization’s integrity and security. Incidents like these are not isolated and can have far-reaching consequences for any organization.”

Threats to your organization don’t come from some threat actor in China or Russia. They come from people you trust inside your organization. Thus you need to do everything possible to keep threats from outside and inside from affecting your business.

If you’re trying to get access to Facebook, Instagram or Messenger, good luck with that as all three services appear to be down based on downdetector.ca:

As it stands, you might not be able to log into any of these services, or you might have been forcefully logged out of those platforms. At this time there’s no ETA as to when this will be resolved.

I am also tracking other outages that might be happening at the moment and I will post a separate story once I confirm or deny that those services are working or not.

Meta who owns Facebook and Instagram put up a blog post saying that it will introduce an ad-free subscription option in the European Union, European Economic Area, and Switzerland in November:

To comply with evolving European regulations, we are introducing a new subscription option in the EU, EEA and Switzerland. In November, we will be offering people who use Facebook or Instagram and reside in these regions the choice to continue using these personalised services for free with ads, or subscribe to stop seeing ads. While people are subscribed, their information will not be used for ads. 

People in these countries will be able to subscribe for a fee to use our products without ads. Depending on where you purchase it will cost €9.99/month on the web or €12.99/month on iOS and Android. Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user’s Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies. Until March 1, 2024, the initial subscription covers all linked accounts in a user’s Accounts Center. However, beginning March 1, 2024, an additional fee of €6/month on the web and €8/month on iOS and Android will apply for each additional account listed in a user’s Account Center.

Of course the only reason why Meta is doing this is to end years of litigation related to the fact that Meta tracked and profiled users for targeted ads in the EU. Something that it can no longer legally do. Now this isn’t available to users of Meta products anywhere else. And perhaps that’s a good thing because Meta’s essentially arguing that if you don’t want to be the product, you have to pay to use the product. Effectively, you have to pay for your privacy. I don’t know about you, but there’s something wrong about that.

From the “Meta might be in trouble here” department comes a lawsuit that has been filed by 41 states and DC which has a very interesting claim:

A federal lawsuit and parallel state lawsuits allege that Meta knowingly designed and deployed harmful features on Instagram and Facebook that purposefully addict children and teens.

The states also allege Meta routinely collects data on children under 13 without informing parents or obtaining parental consent.

“Its motive is profit, and in seeking to maximize its financial gains, Meta has repeatedly misled the public about the substantial dangers of its Social Media Platforms,” the lawsuit said. “It has concealed the ways in which these Platforms exploit and manipulate its most vulnerable consumers: teenagers and children. And it has ignored the sweeping damage these Platforms have caused to the mental and physical health of our nation’s youth. In doing so, Meta engaged in, and continues to engage in, deceptive and unlawful conduct in violation of state and federal law.”

According to this story, the lawsuits are intended to force Meta who owns Facebook and Instagram to change their products to stop this from happening. Seeing as Meta is known to have products that collect all sorts of data about you to monetize it in any way they can, these lawsuits are a direct threat to their business model. Thus you can be sure that Mark Zuckerberg is freaking right now while tying to figure out how not to be taken to the woodshed if these lawsuits go to trial.

This will be a fun one to watch.

Facebook is dismantling a significant and highly sophisticated disinformation network supporting the People’s Republic of China (PRC).

Meta, the parent company of Facebook, announced that it had identified connections between individuals linked to Chinese law enforcement and a long-standing yet largely ineffective pro-China “Spamouflage” influence campaign. “We assess that it’s the largest, though unsuccessful, and most prolific covert influence operation that we know of in the world today,” said Meta Global Threat Intelligence Lead Ben Nimmo.

In its quarterly security report, the social media giant disclosed that it had taken down approximately 7,700 Facebook accounts and numerous pages, groups, and Instagram accounts associated with this campaign. Some aspects of this operation had been active since 2018.

Meta said these fake accounts are managed from various regions within China, but they shared common digital infrastructure and followed apparent work schedules, including designated breaks for lunch and dinner based on Beijing time.

The campaign was active on more than 50 platforms and forums, including Facebook, Instagram, X (formerly Twitter), YouTube, TikTok, Reddit, Pinterest, Medium, Blogspot, LiveJournal, VKontakte, Vimeo, and dozens of additional smaller platforms and forums.

Jason Keirstead, VP of Collective Threat Defense, Cyware had this comment:

   “One of the ways in which social media companies could more effectively combat disinformation campaigns is through more effective collaboration and coordination, made possible by using frameworks such as those provided by the DISARM foundation (https://www.disarm.foundation/). Cybersecurity practitioners should be encouraging large social media companies to become more actively involved in the work of the foundation, and of the disinformation sharing standards it supports such as DAD-CDM (https://github.com/DAD-CDM). Development and support of these standards will allow government and industry to work together to combat disinformation campaigns more effectively.”

David Mitchell, Chief Technical Officer, HYAS:

   “China appears to be playing a PR campaign to shine their activities in a positive light, especially when it comes to Taiwan and human rights. While this campaign doesn’t appear to have made an impact, it shows that they are tuning their capabilities to mimic what the Russians have previously pulled off. 

   “Based on the ties to Chinese law enforcement, this also could be an op to target and identify ex-pats overseas that do not agree with their views — potentially to relay to the Chinese police stations discovered in US and other cities. 

   “Security personnel, whether executive level or operators, should pay attention to disinformation campaigns just as they would an attack campaign. Disinformation can target a company (Anheuser-Busch InBev) and the links may also include phishing or malware that employees may click on, if the targeted message fits their views.”

   “While it is fantastic that Meta is finally taking a proactive stance against disinformation campaigns, this problem is going to continue to get worse during geo-political strife and election seasons. Because these platforms do not verify the identity of accounts, nor charge for their services, they are rife for coordinated nation state abuse. Dealing with these campaigns will always be a global form of whack-a-mole and will not change until social media networks change how they are monetized & valued – just a few dollars per user per month significantly increases the barrier to entry for malicious actors.”

Every social media platform needs to step up and do more to combat this sort of disinformation. If Facebook/Meta can do this, there’s zero excuse for other platforms to not do so as well.

Meta’s Twitter killer Threads is now live in most parts of the world. I did think about getting a Threads account just to test it out and joining the 10 million or so users who apparently signed up in the last 10 hours or so. But I have to admit that I have thought twice about doing so and will avoid it like Superman avoids Kryptonite. Here’s why:

• Privacy: As I have mentioned before, Threads appears to be a privacy nightmare. So much so, that Threads didn’t launch in the EU as I am guessing that Meta didn’t want to get smacked by the EU. Given those facts, and Meta’s past behaviour, I would suggest that this is a key reason to avoid Threads.
• Threads was rushed to market: This isn’t a shock as Meta is clearly trying to get something out there to try and kill Twitter. 9to5Mac has a list of some of the notable omissions and failings of Threads. Including the fact that you can’t delete your account without deleting your Instagram account which I think may not an omission but a deliberate design decision. Some of the design issues may change over time, but clearly on top of Threads users being the product as is typical for any Meta product, they’re also beta testers.

There’s one other reason that I am avoiding Threads. We’ve kind of seen this sort of thing before with Google+. If you don’t remember Google+, this will help you to get up to speed. Google+ signed up millions of users very quickly in 2011, but was dead by 2019 as Facebook and other social networks became more popular that it. Thus Threads might be “the new hotness” at the moment. But it doesn’t mean that it will be “the new hotness” long term.

Having said all of that, Threads is a serious threat to Twitter and Elon Musk. And I am sure that Elon is very concerned as he’s shot himself in the foot so many times, it likely won’t take much for a Twitter competitor to come in and yank the rug out from under him. I just question if Threads is the one to do just that. And I most certainly won’t get an account to find out.