
OpenAI Confirms Data Breach After Hackers Hijack Popular Open Source Projects

Hackers targeted open source projects used by companies and pushed malware-laden updates. Despite initial concerns, OpenAI says user data was not compromised.

Admin User

Updated May 27, 2026

Earlier this week, hackers hijacked several popular open source projects, including TanStack, and spread malicious code through what appeared to be routine updates. The attack is the latest in an ongoing series of supply-chain attacks against software developers and the projects they depend on.

On Wednesday, OpenAI confirmed that two employees had their devices 'impacted by this attack,' but the company released a reassuring statement in its blog post. OpenAI stated that there was no evidence of user data being accessed or intellectual property compromised. The company did find unauthorized access and theft of credentials from limited internal source code repositories to which the affected employees had access.

The breach began with an earlier attack on TanStack, a widely used library for building web applications. On Monday, TanStack disclosed that hackers had published 84 malicious versions of its software during a six-minute window. The attack was quickly detected by a researcher within just 20 minutes. The malicious versions included malware designed to steal credentials and self-propagate.

While the immediate threat to user data appears to be minimal, OpenAI is taking precautionary measures by rotating digital certificates used to sign their products. This will require macOS users to update the app as a safety measure. However, according to the company's statement, 'We have found no evidence of compromise or risk to existing software installations.'

The identity of the hackers behind this attack remains unclear. Previous supply-chain hacks have been linked to various groups, including TeamPCP and North Korean hackers who targeted Axios and Daemon Tools respectively. These incidents highlight the increasing risks associated with open source projects and the importance of vigilance in the tech industry.

For more information or if you have any details about similar supply chain attacks, feel free to contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or email.
