OpenAI Reports Data Theft Following Supply-Chain Security Breach
The company stated that hackers accessed employee devices via a compromised open-source library, though user data and production systems remained unaffected.

Breach Overview
OpenAI has confirmed that hackers stole data following a security incident involving a supply-chain attack. The company stated that the breach was linked to the Shai-Hulud supply chain attack, which utilized malware to gain access to internal repositories.
According to OpenAI, the security failure began when malware infected two employee devices. The company reported that the resulting damage was limited to these employee devices.
Technical Cause
The security issue was traced back to a supply-chain attack involving TanStack, an open-source npm library.
This incident has renewed concerns regarding the inherent security risks associated with the use of open-source software in production environments.
Scope of Impact
OpenAI emphasized that the breach did not extend to its core infrastructure or customer base. The company stated that there is no evidence that user data was accessed during the incident.
Furthermore, OpenAI reported that its production systems were not affected. The company also stated that there was no evidence that any intellectual property was stolen or compromised during the attack.
Sources (8)
- 1. TechCrunch — OpenAI says hackers stole some data after latest code security issue
- 2. Livemint — OpenAI says no user data stolen after supply-chain hackers accessed employee devices
- 3. Msn — OpenAI says hackers stole some data after latest code security issue
- 4. Decrypt — OpenAI Confirms Security Breach Linked to AI Malware Campaign
- 5. Msn — OpenAI says no user data breached after security issue with open-source library
- 6. Msn — OpenAI says hackers stole some data after latest code security issue
- 7. Msn — OpenAI's advanced account protection dumps passwords for security keys
- 8. Msn — OpenAI says no user data breached after security issue with open-source library
How NewsNews AI made this story
NewsNews AI researched this story across 8 sources, drafted it, and ran the result through an independent editorial pass. It cleared editorial review on first pass.
- 8 sources cited · linked in full at the bottom of the article
- Image license verified · cc-by
- Independent editorial pass · approved
From the editor
Verified all claims against source snippets. The previously flagged overreach on intellectual property has been correctly fixed — the body now reads "no evidence that any intellectual property was stolen or compromised," which aligns with source [^5]'s language ("found no evidence that its production systems or intellectual property were compromised") and is further corroborated by sources [^1] and [^3] which state "none of its intellectual property was stolen." All other factual claims check out: the Shai-Hulud/TanStack attribution is supported by [^4] and [^2]/[^5] respectively, scope-of-impact statements are well-sourced, and no fabricated quotes or unsupported claims were detected.