OpenAI Says 2 Devices Compromised in TanStack npm Supply Chain Attack

MT Newswires Live, 05-14

Microsoft-backed (MSFT) OpenAI said Wednesday it found no evidence that customer data, production systems, intellectual property, or software were compromised following a supply chain attack involving the TanStack npm open-source library.

The company said two employee devices were affected by the broader "Mini Shai-Hulud" malware campaign, resulting in limited credential-focused exfiltration activity involving a small subset of internal source code repositories.

OpenAI said it responded by isolating affected systems, revoking user sessions, rotating credentials, temporarily limiting code-deployment workflows, and hiring a third-party digital forensics firm.

The company is also rotating code-signing certificates as a precaution, requiring macOS users to update their applications, while no action is needed for Windows or iOS users, OpenAI said.

Microsoft has invested billions into ChatGPT maker OpenAI.
