Job Board Doctor Blog

Slings and Arrows From Every Side: Mercor, Adzuna, Talent.com, Aimwel and Jobcase.

NOTE: This post was updated on April 3rd, 2026 to reflect that Aimwel cut the job distribution service for a small portion, not all of their job board distribution clients. It was also updated to reinforce that layoffs at the time of posting are still unconfirmed from the companies and the percentage varies by company. 

Happy Friday Job Board Doctor friends!

TA tech vendors are taking slings and arrows from all sides right now and it has been a hell of a week.

Let’s dive in.

Mercor – The Breach That Should Keep Every Ta/HR Tech Buyer Up at Night

The $10 billion AI recruiting company just got hacked, and the entry point was not a phishing email or a weak password. It was a trusted tool that thousands of companies use every single day without thinking twice.

The short version

Mercor, an AI-powered recruiting platform that works with companies like OpenAI and Anthropic, confirmed it was hit by a massive data breach. Hackers claim they walked away with 4 terabytes of data including candidate profiles, identity verification documents, video interviews, source code, and system access credentials.

Mercor did not get hacked directly. The hackers used other tools used and trusted by Mercor to gain access.

The supply chain nobody was watching

You may be hearing that Mercor was part of a “supply chain” hack.  If this is new terminology for you, you are not alone.

Let’s take a quick side quest:

Think about how a car manufacturer works. It is not feasible for the manufacturer to make every part themselves. They rely on hundreds of suppliers for to make components.  So, if a bad actor wants to sabotage all the cars rolling off the line, they don’t need to attack the factory. They can poison a supplier’s parts before it arrives to be installed into the cars themselves.

Software works the same way. The AI features inside recruiting tools are not built from scratch. They are assembled from shared, pre-built components that the entire industry uses simultaneously. One of those shared components is a tool called LiteLLM, which acts as a universal connector between AI systems and the major AI providers like OpenAI, Anthropic, and Google. It sits at the center of a lot of AI infrastructure, which made it an irresistible target.

Back to the hack:

A sophisticated hacking group called TeamPCP did not attack Mercor directly. They went further upstream. First they broke into Trivy, a security scanning tool that developers use specifically to check their own software for vulnerabilities. Through that breach, they stole the master publishing key for LiteLLM and used it to push a poisoned version of the tool into the public repository where companies automatically download software updates.

Mercor’s systems did exactly what they were configured to do. They pulled the update. And the hack was off and running.

Why TA/HR tech buyers should care (and the vendors, too)

This was not an isolated incident.

LiteLLM is estimated to be running inside 36% of all AI cloud-based software environments, including companies like SAP.

As of this writing, it is estimated that over 1,000 SaaS companies updated the poisoned Python code during the 40-minute window it was live.

We should expect that number to grow significantly and there is no reason to assume no other HR/TA tech vendors will not have been impacted.

Mercor is just the first company to publicly confirm the breach. 

The data most at risk in an TA/HR tech breach is not only financial records, although Stripe is also a LiteLLM user so if your job board platform uses Stripe as a payment system you may want to check in with your vendor.

It is candidate profiles. Resumes. Identity documents. Video interviews. The deeply personal information that job seekers hand over in good faith, trusting that the platforms handling it have their security in order.

The AI recruiting stack is being built fast and on shared infrastructure

Here is what most TA/HR tech buyers do not realize: the AI features inside the recruiting tools they use every day are not unique to those vendors. They are built on the same shared components that much of the industry relies on at the same time.

When one of those shared components is compromised, the damage does not stop at one company. It, potentially, flows downstream to every product built on top of it, automatically, often before anyone realizes something has gone wrong.

Not because companies chose it deliberately, but because it gets pulled in quietly as part of other tools, without anyone being aware of it. This happens in despite of the numerous compliance, security and scanning protocols in place.

Vendors are under intense competitive pressure to ship AI features fast. That means building on shared components rather than creating everything in-house, and running automated systems that pull the latest software updates. The Mercor breach did not require a single moment of carelessness from a Mercor employee. Their systems did exactly what they were designed to do.

That is the point. Hackers have nothing, but time and opportunity. They only need to be successful once. Companies like Mercor have to win every battle. 

What to watch

More breach disclosures are coming. The investigation is ongoing, and the hacking group responsible has reportedly partnered with multiple extortion organizations to monetize what they collected.  If you work with AI-powered TA/HR tech vendors, now is the right time to ask them one simple question: what happens if a tool you depend on gets compromised?

Sources: TechCrunch, SecurityWeek, The Register, Kaspersky, Cloud Security Alliance, Help Net Security, Mandiant, (via The Register)

Layoffs 2026 Continue

Late last night, here in Portugal, I had multiple people reach out to report that there were a slew of layoffs in big programmatic players in our space, signaling further concern over the state of the industry.

Specifically, I am being told Adzuna has cut 30% of its staff after losing a large UK contract in place since 2018, Adzuna’s layoffs come just weeks after their March 23rd announcement of the acquisition of Trovit and Mitula expanding their EU presence.

Rumors inbound regarding Talent.com and Aimwel may some amount of their staff. Aimwel has also cut a job distribution solution for some, but not all niche/SME job boards. Creating an opportunity in the market for other vendors to step in to this role (who should perhaps be advertising on JobBoardDoctor.com).

As this is a late breaking development, I am still working to confirm with the companies directly and will happily (gleefully, in fact) retract this reporting if I am incorrect.

People Moves

Fred Goff Leaves JobCase

This week via LinkedIn, Fred Goff, Co-Founder and CEO of Jobcase, announced his departure after 12 years with the company. Goff hints new ventures are to come for him. In the meantime, rumors of potential acquisition have been inbound for months.

Do you think a Jobcase acquisition is in the works?

Either way, good luck to Fred, the Doc will be waiting to report on your next adventure!

Indeed Promotes Sean McSherry to CFO

CEO, Hisayuki, “Deko” Idekoba, continues to focus on rounding out his C-Suite. Indeed has promoted long-time Indeedian, Sean McSherry to the role of Chief Financial Officer.

The announcement comes as the company backtracks on single-source feed policy through multiple “exceptions”, cuts service levels to lower tiered agencies with only days notice, and rumors swirl of a large round of layoffs in the planning.

Final Thoughts

Like I said, it has been a week full of slings and arrows for TA tech.

I didn’t even get a chance to dive in to the Findem opt out investigation by the United States Senate, but fortunately others have had time to take a deeper dive. Check out: AimGroup and Chad and Cheese

If you have been impacted by the latest round of layoffs, reach out to me. I will share talent back on the market, keep my eyes open for new opportunities, or help anyway I can.

And as always, you know the drill, tell me what you think, what you know, anything I misstated or got wrong. We all learn together.

Until Next Time,

Julie “The Doc” Sowash

[Want to get Job Board Doctor posts via email? Subscribe here.]

[Got a tip, document or intel you want to share with the Doc? Tell me. Tip so hot you need it to be encrypted? Use Signal.]

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back To Top
Search