OpenAI says hackers stole some data after latest code security issue

Source: TechCrunch

📂 **Category**: Security,cybercrime,cybersecurity,hackers,open source,OpenAI,supply chain attack,TeamPCP

Earlier this week, hackers hijacked several open source projects used by dozens of companies and pushed updates designed to spread malware. This is the latest in a series of recent so-called “supply chain” attacks targeting software developers and their projects.

On Wednesday, OpenAI confirmed that two employees had their devices “affected by this attack.” But, after the investigation, the company said in a blog post that it found “no evidence that OpenAI user data was accessed, that our production systems or intellectual property was compromised, or that our software was altered.”

OpenAI said employee devices were compromised through a previous attack on TanStack, a popular open source library that helps developers build web applications.

TanStack on Monday disclosed the attack and published a post-mortem, saying the hackers deployed 84 malicious versions of its software during a six-minute window. The project said a researcher discovered the attack within 20 minutes. The malicious versions of TanStack included malware designed to steal credentials from computers on which the software was installed, and to self-propagate to other systems.

For its part, OpenAI said it observed unauthorized access and theft of credentials “in a limited subset of internal source code repositories that the two affected employees had access to.”

According to the AI giant, “only a limited amount of credentials” were taken from the affected code repositories. Since the affected repositories contain digital certificates used to sign OpenAI products, the company said it is rotating certificates “as a precaution,” which will require macOS users to update the app.

“We found no evidence of compromise or risk to existing software installations,” the company wrote.

It is not clear who is behind the TanStack attack. Some previous supply chain hacks have been attributed to a hacking gang known as TeamPCP, a group that has itself been a target of hackers.

But other groups have used the same tactics against other projects. In March, North Korean hackers hijacked Axios, a popular open source development tool, and spread malware that could have infected millions of developers. In May, Chinese hackers were accused of a similar attack targeting thousands of Windows computers using Daemon Tools disk imaging software.

In these attacks, instead of targeting specific companies, hackers take over open source projects and deploy malware disguised as harmless regular updates. This allows them to compromise dozens of targets with just one hack, spreading the damage across the Internet.

🕒 **Posted on**: 1778781562