4TB of voice samples stolen from 40,000 AI contractors -- how to verify if yours is being weaponized

The extortion group Lapsus$ leaked roughly 4TB of data from Mercor, exposing voice recordings and government ID documents of over 40,000 AI training contractors. The combination creates a ready-made deepfake kit: studio-quality audio paired with verified identity documents. Documented attack vectors include bank voiceprint bypass, vishing employer HR/finance teams, deepfake video call fraud, insurance claim fraud, and family impersonation scams. Practical mitigation steps include auditing public audio, setting verbal codewords with family, deleting enrolled voiceprints from smart assistants and banks, disabling voice as a bank authentication factor, and running suspicious audio through forensic deepfake detectors. The post also describes forensic artifacts analysts look for in synthetic audio (codec mismatch, breath patterns, micro-jitter, formant trajectories, etc.) and promotes ORAVYS's detection service, offering three free checks to Mercor breach victims.