OpenAI confirms employee devices hit in supply‑chain hack of open‑source library TanStack

Key Points
- Hackers compromised the open‑source library TanStack, releasing 84 malicious versions in a six‑minute window.
- OpenAI confirmed two employees' devices were impacted, granting limited access to internal code repositories.
- Only a small amount of credential material was stolen; no user data or production systems were breached.
- OpenAI is rotating digital certificates used to sign its products, requiring a macOS app update.
- The incident adds to a series of recent supply‑chain attacks on open‑source tools, which have previously been linked to groups such as TeamPCP and to North Korean and Chinese actors.
OpenAI said two of its employees were affected by a recent supply‑chain attack that compromised the popular open‑source library TanStack. The breach allowed hackers to insert malicious code into the library, steal limited credential material from internal repositories and briefly expose digital certificates used to sign OpenAI products. The company found no evidence that user data, production systems or intellectual property were compromised and is rotating the certificates, prompting a macOS update. The incident adds to a string of recent attacks on open‑source projects.
Hackers seized control of the open‑source library TanStack earlier this week, pushing 84 malicious versions of the software during a six‑minute window. The attack, detected within 20 minutes by a security researcher, inserted code designed to harvest credentials from any system that installed the compromised package and to self‑propagate across networks.
OpenAI confirmed that two of its employees had their devices "impacted by this attack." The company’s internal investigation traced the breach to the TanStack incident, noting that the malicious updates granted the attackers limited access to internal source‑code repositories that the two employees could reach. OpenAI said the intruders stole only a small amount of credential material, though the repositories also contained digital certificates used to sign OpenAI products.
In response, OpenAI is rotating those certificates as a precautionary measure. macOS users will be required to install an updated version of the OpenAI app to accommodate the new certificates. The company emphasized that it found no evidence that user data, production systems or intellectual property were accessed or altered, and it sees no risk to existing software installations.
The TanStack breach is part of a growing pattern of supply‑chain attacks targeting open‑source projects, which allow threat actors to reach dozens or hundreds of downstream users with a single compromise. Past incidents have involved groups such as the hacking collective TeamPCP, North Korean actors who hijacked the Axios development tool, and Chinese hackers who targeted Daemon Tools. While the perpetrators of the TanStack attack remain unidentified, the tactics mirror those used in earlier campaigns.
Industry experts warn that reliance on widely used open‑source components creates a single point of failure for many organizations. The rapid detection of the TanStack malicious code—within 20 minutes—demonstrates the importance of vigilant monitoring, but the episode also underscores the need for stronger provenance checks and rapid response mechanisms across the software supply chain.