OpenAI has confirmed a data breach affecting two employee devices after a supply-chain attack involving the TanStack library, with no user data or core systems compromised.
Employee Devices Impacted
On Wednesday, OpenAI detailed the breach, stating that an attack on the TanStack library led to the compromise of two employee devices. Despite this, the company emphasized in a blog post that there was no evidence of user data access, system compromise, or software alteration.
Details of the TanStack Attack
TanStack, an open source library for web app development, disclosed the attack on Monday. Hackers released 84 malicious software versions over a six-minute period, which were detected by a researcher within 20 minutes. These versions contained malware intended to steal credentials and self-propagate to other systems, as detailed in a postmortem by TanStack.
Limited Credential Theft
OpenAI reported unauthorized access and theft of credentials from a subset of internal code repositories accessible to the affected employees. The company is taking precautionary measures by rotating digital certificates used to sign its products, necessitating updates for macOS users to maintain security.
Uncertain Attacker Identity
The identity of the attackers remains unclear. Previous supply-chain attacks have been linked to the hacking group TeamPCP. In similar incidents, North Korean hackers targeted the Axios project in March, and Chinese hackers attacked Daemon Tools in May, both using similar tactics to infect developers with malware.
These attacks exploit open source projects to distribute malware disguised as routine updates, potentially affecting numerous targets with a single breach.
Source: https://techcrunch.com/2026/05/14/openai-says-hackers-stole-some-data-after-latest-code-security-issue/
