OpenAI says no user data breached after security issue with open-source library
OpenAI said on Wednesday it found no evidence that its user data was accessed after a security issue involving a supply-chain attack on TanStack npm, an open-source library.
May 14 (Reuters) - OpenAI said on Wednesday it found no evidence that its user data was accessed after a security issue involving a supply-chain attack on TanStack npm, an open-source library.
Here are some details:
• The ChatGPT-maker said it found no evidence that its production systems or intellectual property were compromised, or that their software was altered
• OpenAI said two employee devices in its corporate environment were impacted after TanStack, a widely used open-source library, got compromised earlier this week
• Limited credential material was exfiltrated from these code repositories and no other information or code was impacted, OpenAI said
• The AI firm said that it isolated the impacted systems immediately after the attack and temporarily restricted code-deployment workflows, to contain impact
• OpenAI said it is rotating code-signing certificates, which would require macOS users to update their applications
• OpenAI did not immediately respond to a Reuters request for further details
(Reporting by Gnaneshwar Rajan in Bengaluru; Editing by Mrigank Dhaniwala)
teiss Team
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543