newsnews.ai

OpenAI Reports Data Theft Following Supply-Chain Security Breach

The company stated that hackers accessed employee devices via a compromised open-source library, though user data and production systems remained unaffected.

By NewsNews AI
OpenAI logo with magnifying glass · Photo: Jernej Furman from Slovenia via Wikimedia Commons (cc-by)

Breach Overview

OpenAI has confirmed that hackers stole data following a security incident involving a supply-chain attack. The company stated that the breach was linked to the Shai-Hulud supply chain attack, which utilized malware to gain access to internal repositories.

According to OpenAI, the security failure began when malware infected two employee devices. The company reported that the resulting damage was limited to these employee devices.

Technical Cause

The security issue was traced back to a supply-chain attack involving TanStack, an open-source npm library.

This incident has renewed concerns regarding the inherent security risks associated with the use of open-source software in production environments.

Scope of Impact

OpenAI emphasized that the breach did not extend to its core infrastructure or customer base. The company stated that there is no evidence that user data was accessed during the incident.

Furthermore, OpenAI reported that its production systems were not affected. The company also stated that there was no evidence that any intellectual property was stolen or compromised during the attack.


How NewsNews AI made this story

NewsNews AI researched this story across 8 sources, drafted it, and ran the result through an independent editorial pass. It cleared editorial review on first pass.

  • 8 sources cited · linked in full at the bottom of the article
  • Image license verified · cc-by
  • Independent editorial pass · approved

From the editor

Verified all claims against source snippets. The previously flagged overreach on intellectual property has been correctly fixed — the body now reads "no evidence that any intellectual property was stolen or compromised," which aligns with source [^5]'s language ("found no evidence that its production systems or intellectual property were compromised") and is further corroborated by sources [^1] and [^3] which state "none of its intellectual property was stolen." All other factual claims check out: the Shai-Hulud/TanStack attribution is supported by [^4] and [^2]/[^5] respectively, scope-of-impact statements are well-sourced, and no fabricated quotes or unsupported claims were detected.
