AI
OpenAI confirms data theft in code supply chain attack
OpenAI says hackers stole limited credentials from internal code repositories after two employees were compromised in a supply chain attack.
Two OpenAI employees had their devices compromised in a supply chain attack that hit the open source library TanStack earlier this week, the company confirmed Wednesday. The breach led to unauthorized access and theft of credentials from a limited portion of internal source code repositories, though OpenAI said it found no evidence that user data, production systems, or intellectual property were accessed.
The attack on TanStack, a widely used open source library for building web applications, was disclosed Monday. Hackers published 84 malicious versions of the software within a six-minute window, according to TanStack’s post-mortem. A researcher detected the intrusion within 20 minutes. The malicious versions contained malware designed to steal credentials from infected computers and self-propagate to other systems.
Limited credential theft and certificate rotation
OpenAI stated that only “limited credential material” was taken from the code repositories accessible to the two affected employees. As a precaution, the company is rotating digital certificates stored in those repositories, which are used to sign OpenAI’s products. This rotation will require macOS users to update the app. “We have found no evidence of compromise or risk to existing software installations,” the company wrote in a blog post.
The AI giant also said that no evidence was found that its software was altered or that production systems were compromised. The company’s investigation concluded that the employee devices were impacted by the earlier TanStack attack.
Broader supply chain threat landscape
It remains unclear who orchestrated the TanStack attack. Some past supply chain hacks have been linked to a group known as TeamPCP, which has itself been targeted by other hackers. However, multiple groups have employed similar tactics. In March, North Korean hackers compromised Axios, a popular open source development tool, and pushed malware that could have infected millions of developers. In May, Chinese hackers were accused of a similar attack targeting thousands of Windows computers running Daemon Tools disc imaging software.
In these supply chain attacks, hackers take over open source projects and push malware disguised as routine updates, potentially compromising dozens of targets with a single breach and spreading damage across the internet.
