OpenAI announced that the devices of two of its employees were affected, and some of their credentials stolen, in a supply chain attack carried out through TanStack.
OpenAI has confirmed that two of its employees' devices were affected following a recent software supply chain attack. The company stated that its investigation found no evidence that user data was accessed or intellectual property was compromised.
Attackers targeted TanStack, a popular set of open source libraries that help developers build web applications. TanStack announced that 84 malicious package versions were published within a six-minute window and that the compromise was detected quickly.
Effects of the attack on OpenAI
OpenAI reported that the stolen credentials were used to gain unauthorized access to a limited number of internal source code repositories that the two affected employees could reach. The company stated that only a limited amount of personally identifiable information was taken from these repositories.
As a precaution, OpenAI decided to rotate the digital certificates used for the affected repositories. Because the certificates are being replaced, macOS users will need to update their applications.
OpenAI emphasized that existing software installations are not at risk. The company stated that its systems were not altered and that its security procedures were followed.
Supply chain attacks are becoming common
It is not yet clear who is behind the TanStack attack. Similar techniques have recently been used by various groups in numerous attacks targeting software developers.
In March, the popular JavaScript library Axios was compromised by North Korean hackers, and malicious software that could reach millions of developers was distributed through it. A similar attack was carried out against Daemon Tools in May.
In such attacks, rather than targeting companies directly, attackers take over open source projects and distribute malware through package updates. A single compromised release reaches every downstream user who pulls the update, so one attack compromises many targets across the internet at once.
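One check a practitioner can run against this pattern, as an added example (not code from the article, TanStack or OpenAI): scan a package's publish timestamps for an abnormal burst of releases, the signature seen here (84 versions in six minutes), and flag those versions before a lockfile or version range resolves to them. The layout mirrors the `time` object of an npm registry document, which maps each version to its publish time; the package versions, timestamps and thresholds below are constructed for illustration.

```python
"""Flag bursts of package versions published within a short window.

Added example, not code from the original article or from TanStack/OpenAI.
Input follows the shape of the ``time`` field in an npm registry document
(https://registry.npmjs.org/<name>), which maps each version to its publish
timestamp. All versions and timestamps here are constructed.
"""
from datetime import datetime, timedelta

# Constructed sample: a normal release cadence followed by twelve versions
# pushed within five minutes, the pattern seen in the TanStack incident.
SAMPLE_TIME_FIELD = {
    "created": "2023-01-05T10:00:00.000Z",
    "modified": "2026-05-04T10:05:00.000Z",
    "1.0.0": "2023-01-05T10:00:00.000Z",
    "1.1.0": "2023-06-12T14:20:00.000Z",
    "1.2.0": "2024-02-01T09:00:00.000Z",
    "1.3.0": "2025-03-18T16:45:00.000Z",
}
# Burst of 12 versions, one every 25 seconds starting at 10:00:00Z.
for _i in range(12):
    _stamp = datetime(2026, 5, 4, 10, 0, 0) + timedelta(seconds=25 * _i)
    SAMPLE_TIME_FIELD[f"1.3.{_i + 1}"] = _stamp.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def parse_publish_times(time_field):
    """Return [(version, datetime)] sorted by publish time, skipping the
    registry's 'created' and 'modified' bookkeeping keys."""
    publishes = []
    for version, stamp in time_field.items():
        if version in ("created", "modified"):
            continue
        publishes.append((version, datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ")))
    publishes.sort(key=lambda item: item[1])
    return publishes


def find_publish_bursts(publishes, window_seconds=360, min_versions=10):
    """Scan the time-ordered releases: from each release, extend a run while
    the next release is still within `window_seconds` of the run's first
    release. A run with at least `min_versions` releases is a burst.
    Returns a list of bursts, each a list of version strings.
    Thresholds (6 minutes, 10 versions) are assumed defaults, not registry
    policy; tune them to the package's normal cadence."""
    window = timedelta(seconds=window_seconds)
    bursts = []
    start = 0
    while start < len(publishes):
        end = start
        while end + 1 < len(publishes) and publishes[end + 1][1] - publishes[start][1] <= window:
            end += 1
        run = [version for version, _ in publishes[start:end + 1]]
        if len(run) >= min_versions:
            bursts.append(run)
            start = end + 1  # skip past the burst so it is reported once
        else:
            start += 1
    return bursts


def versions_in_bursts(time_field, window_seconds=360, min_versions=10):
    """Set of versions that belong to any burst, for rejecting them when
    auditing a lockfile or deciding whether to accept an update."""
    flagged = set()
    for burst in find_publish_bursts(parse_publish_times(time_field), window_seconds, min_versions):
        flagged.update(burst)
    return flagged


def audit_locked_versions(locked_versions, time_field, window_seconds=360, min_versions=10):
    """Map each locked version to True if it was published inside a burst."""
    flagged = versions_in_bursts(time_field, window_seconds, min_versions)
    return {version: version in flagged for version in locked_versions}


if __name__ == "__main__":
    for burst in find_publish_bursts(parse_publish_times(SAMPLE_TIME_FIELD)):
        print(f"burst: {len(burst)} versions from {burst[0]} to {burst[-1]}")
    # Constructed lockfile entries: one safe pin, one that landed in the burst.
    print(audit_locked_versions(["1.3.0", "1.3.7"], SAMPLE_TIME_FIELD))
```

The scan uses only metadata the registry already serves, so it can run in CI before `npm install` resolves a range, or over an existing lockfile after an incident is announced. A burst is a signal, not proof: a maintainer legitimately cutting releases for many workspace packages can trip it, so flagged versions should be held for review rather than silently dropped.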
What do you think about the risks that such cyber attacks pose for the software world?