OpenAI says hackers stole some data after latest code security issue
TechCrunch

Earlier this week, hackers hijacked several open source projects used by dozens of companies and pushed updates designed to spread malware. This is the latest in a string of recent so-called “supply chain” attacks targeting software developers and their projects.

On Wednesday, OpenAI confirmed that two employees had their devices “impacted by this attack.” But, after an investigation, the company said in a blog post that it found “no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered.”

OpenAI said that employees’ devices were compromised by an earlier attack on TanStack, a popular open source library that helps developers build web apps. On Monday, TanStack disclosed the attack and published a post-mortem, saying hackers published 84 malicious versions of its software during a six-minute window. The project said a researcher detected the attack within 20 minutes.

The malicious TanStack versions included malware that was designed to steal credentials from computers that the software was installed on, and self-propagate to spread to other systems. …
Original source: TechCrunch