OpenAI says no user data breached after security issue with open-source library

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider "Mini Shai-Hulud" campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or …

OpenAI Tells Mac Users to Update Apps After Software Supply Chain Attack

OpenAI was hit by a supply chain attack involving hackers publishing a malicious version of Tanstack software used for web development.

The ChatGPT desktop app for Mac just got hit with a security breach

OpenAI found no evidence that user data was accessed.

OpenAI says hackers stole some data after latest code security issue

OpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution.

OpenAI says no user data was touched in the TanStack npm worm

Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but by TanStack’s own legitimate release pipeline, after the attacker code took over the runner mid-build. OpenAI said on Wednesday that it found […] This story continues at The Next Web