OpenAI confirmed on Wednesday that hackers compromised two employee devices as part of a broader supply chain attack targeting the open source library TanStack. The incident, which unfolded earlier this week, is the latest in a growing wave of attacks where malicious actors hijack trusted open source projects to distribute malware to downstream users.
What happened in the TanStack attack
On Monday, TanStack disclosed that attackers published 84 malicious versions of its software within a six-minute window. The malicious updates contained credential-stealing malware designed to self-propagate across systems. A researcher detected the intrusion within 20 minutes, limiting the window of exposure. The attack targeted developers who downloaded the compromised packages, potentially affecting dozens of companies that rely on TanStack for building web applications.
Also read: Notion transforms workspace into hub for AI agents with new developer platform
OpenAI stated that the two affected employees had their devices compromised by the TanStack malware. The company said an investigation found unauthorized access and theft of credentials from a limited subset of internal source code repositories accessible to those employees. However, OpenAI emphasized that no user data, production systems, or intellectual property were accessed, and no software was altered.
How OpenAI is responding
As a precautionary measure, OpenAI is rotating digital certificates that were stored in the affected repositories. These certificates are used to sign OpenAI’s products, and the rotation will require macOS users to update their applications. The company stated it found no evidence of compromise or risk to existing software installations.
Also read: Anthropic's Cat Wu on staying ahead in AI: 'We don't think about competitors'
The incident underscores the persistent vulnerability of the open source software supply chain. Unlike direct attacks on specific companies, supply chain attacks target widely used libraries and tools, allowing attackers to compromise multiple organizations with a single breach.
Broader implications for the software industry
This attack follows a pattern of increasingly sophisticated supply chain compromises. In March, North Korean hackers hijacked the Axios open source development tool, pushing malware that could have infected millions of developers. In May, Chinese hackers were accused of a similar attack targeting Daemon Tools, affecting thousands of Windows computers. The TanStack attack, while smaller in scale, demonstrates that no open source project is immune.
The identity of the attackers behind the TanStack incident remains unclear. Some past supply chain attacks have been attributed to a hacking group known as TeamPCP, though other actors have employed similar tactics. The decentralized nature of open source development makes it difficult to secure every project, and the industry continues to grapple with how to prevent these attacks at scale.
Conclusion
The OpenAI breach serves as a reminder that even well-resourced technology companies are vulnerable to supply chain attacks. While the company moved quickly to contain the damage and reassure users, the incident highlights the need for stronger security practices across the open source ecosystem. For now, OpenAI users can take some comfort in the company’s assertion that customer data remains safe, but the broader threat to the software supply chain shows no signs of abating.
FAQs
Q1: Was any OpenAI user data stolen in this attack?
No. OpenAI confirmed that no user data was accessed or compromised. The breach was limited to internal source code repositories accessible to two affected employees.
Q2: Do I need to take any action as an OpenAI user?
OpenAI is rotating digital certificates as a precaution, which will require macOS users to update their applications. No other action is needed for users at this time.
Q3: What is a supply chain attack, and why is it dangerous?
A supply chain attack targets trusted software components or libraries that are widely used by developers. By compromising these components, attackers can distribute malware to many organizations at once, making it harder to detect and contain.
