OpenAI confirms data theft following attack on open source projects

OpenAI confirms data theft following attack on open source projects
Imagen de Editorial Team
porEditorial Team
Argentina

The company assured that the incident only affected devices of two employees and that no user data, production systems, or intellectual property were compromised. They rotate certificates as a preventive measure.

Agregar La Derecha Diario en
Compartir:

This week, hackers compromised several open-source projects used by dozens of companies and distributed malicious updates to spread malware. This is a new case of supply chain attacks targeting software developers.

OpenAI reported that two of its employees had their devices affected by this incident. After an internal investigation, the company stated that there is no evidence of access to user data, compromise of production systems, or theft of intellectual property.

The attack originated in TanStack, a popular open-source library that helps build web applications. On Monday, the project published a detailed report revealing that the attackers published 84 malicious versions of their software in a window of just six minutes. A researcher detected the anomaly in less than 20 minutes.

The infected versions included malware designed to steal credentials from the computers where it was installed and automatically propagate to other systems.

Imagen 1403198

Limited access to internal repositories

According to OpenAI, the affected employees suffered unauthorized access and credential theft in a limited subset of internal source code repositories. Only limited credential material was extracted from those repositories.

As a precaution, since some repositories contained digital certificates used to sign OpenAI products, the company decided to rotate those certificates. This measure will require macOS users to update the application.

“We found no evidence of compromise or risk to existing software installations,” the company detailed in its statement.

This type of supply chain attack has become increasingly common. Instead of directly targeting a specific company, cybercriminals compromise popular open-source projects and distribute fake updates that appear legitimate. In this way, they can affect multiple targets with a single move.

Recent background

In March, North Korean hackers compromised Axios, another open-source development tool, and distributed malware that could have infected millions of developers. In May, Chinese actors were accused of a similar attack against thousands of Windows computers using disk imaging software called Daemon Tools.

In the case of TanStack, it is still unclear who is behind the attack. Some previous similar incidents were attributed to the TeamPCP group, although there are also other actors employing the same tactics.

OpenAI emphasized that the impact was limited to the employees' devices and did not reach their core systems. The company continues to monitor the situation and recommends its users stay alert for security updates, especially regarding the rotation of certificates.


La Derecha Diario logo
ESX logoInstagram logoYouTube logoTikTok logoFacebook
ARGENTINABOLIVIAECUADORISRAELMEXICODERECHA DIARIO TV
  • ES
    XInstagramYouTubeTikTokFacebook
  • DERECHA DIARIO TV
  • Secciones
  • ARGENTINA
  • BOLIVIA
  • ECUADOR
  • ISRAEL
  • MEXICO
  • URUGUAY
  • Países
  • La Derecha Diario logoLA DERECHA DIARIO
  • La Derecha Diario México logoLA DERECHA DIARIO MÉXICO
  • La Derecha Diario Uruguay logoLA DERECHA DIARIO URUGUAY
  • La Derecha Diario Ecuador logoLA DERECHA DIARIO ECUADOR
  • La Derecha Diario Israel logoLA DERECHA DIARIO ISRAEL
  • La Derecha Diario Estados Unidos logoLA DERECHA DIARIO ESTADOS UNIDOS
  • Temas
  • GUERRA EN IRÁN
  • El Diario
  • QUIENES SOMOS
  • AUTORES
  • PUBLICIDAD
  • DONAR
La Derecha Diario logo
TwitterInstagramYouTubeTikTokFacebook
Derecha Diario TV

Nosotros

  • Quienes Somos
  • Autores
  • Donar

Privacidad

  • Protección de datos
  • Canales
  • Sitemap
  • RSS

Contacto

  • info@derechadiario.com.ar
PUBLICIDAD

Noticias relacionadas

The Government highlighted the economic stability and celebrated the historic nuclear investment in Argentina

The Government highlighted the economic stability and celebrated the historic nuclear investment in Argentina

The IOC has provisionally lifted the suspension of the Russian Olympic Committee and is moving towards its reintegration

The IOC has provisionally lifted the suspension of the Russian Olympic Committee and is moving towards its reintegration

Nigel Farage resigned from his seat and is seeking to reaffirm his leadership at the polls

Nigel Farage resigned from his seat and is seeking to reaffirm his leadership at the polls

The illusion of Boca is over: Paulo Dybala renews contract and will stay at Roma

The illusion of Boca is over: Paulo Dybala renews contract and will stay at Roma

250 years ago, an idea was born that Milei has brought back to the forefront

250 years ago, an idea was born that Milei has brought back to the forefront

AfD consolidates its leadership as Germany demands political change

AfD consolidates its leadership as Germany demands political change