OpenAI Confirms Data Theft After TanStack Supply Chain Attack
OpenAI has confirmed that devices belonging to two of its employees were affected by a supply chain attack targeting TanStack. Following this security incident, the AI giant had to take several precautionary actions, including forcing macOS users to update OpenAI apps before mid-June.
OpenAI Caught Up in Mini Shai-Hulud
The wave of incidents triggered several weeks ago by the TeamPCP group continues to make headlines. Another collateral victim that needs no introduction has been affected: OpenAI. Indeed, the devices of two of its employees were compromised as part of the "Mini Shai-Hulud" campaign. As a reminder, this campaign infects computers by compromising popular packages into which malicious code is injected. These infected packages are then distributed through npm and PyPI.
The malicious code is designed to steal cloud credentials and developer environment secrets (SSH keys, GitHub tokens, Kubernetes secrets, .env files).
Through a statement, OpenAI detailed the impact of this incident: "We observed activity consistent with the publicly described malware behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories that the two affected employees had access to."
OpenAI states that this intrusion did not affect customer data or its production systems. However, some credentials were still exfiltrated by the cybercriminals. In response, OpenAI had to take several precautionary measures.
A Countdown for macOS
OpenAI took a series of measures as soon as the incident was detected. The affected systems and accounts were isolated, sessions were revoked, and deployment flows were temporarily restricted while investigations were carried out.
At present, the main risk lies in the exposure of OpenAI code-signing certificates for macOS, Windows, iOS, and Android. This would allow attackers to sign malware with OpenAI’s certificate, and therefore distribute malicious software that can more easily evade detection systems. Although no abuse has been detected so far, OpenAI chose to renew the certificates as a precaution.
This decision has the following impact for users:
- For macOS users: it is imperative to update your OpenAI desktop app before June 12, 2026. After that date, Apple will prevent apps signed with the old certificates from launching.
- For Windows and iOS users: there is no impact to report, and no action is required.
On macOS, you must update the following apps: ChatGPT Desktop, Codex App, Codex CLI, Atlas.
An Incident Linked to the Attack on TanStack
Earlier, I mentioned the Mini Shai-Hulud campaign carried out by the TeamPCP group. In OpenAI’s case, what allowed the infection of two employees’ computers was the initial incident targeting TanStack. The framework’s npm packages were compromised on May 11, 2026 (a supply chain attack), which made it possible to infect the computers of developers who installed them.
OpenAI is not an isolated case, as other open source projects were also directly affected by the TanStack compromise. A report published by Snyk states: "The spread extended to more than 200 packages, beyond the initial 84 @tanstack/* releases, as indicated by Snyk’s security database. This allowed the worm to spread to Mistral AI, UiPath, and dozens of other secondary victims."
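To check whether a project pulled in any of these packages, the following added example (not code from OpenAI, Snyk or TanStack) walks an npm lockfile and reports every installed copy that sits in the @tanstack scope or appears on an advisory list. The lockfile contents, the advisory entries, and the names auditLock and packageNameFromPath are assumptions made for the illustration; the real affected versions must come from a published advisory.

```javascript
// Added example. The lockfile and advisory entries are constructed placeholders,
// not real indicators; fill ADVISORY with name@version pairs from an advisory you trust.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "0.0.1" },
    "node_modules/some-lib/node_modules/@tanstack/query-core": { version: "0.0.2" },
    "node_modules/constructed-secondary-pkg": { version: "9.9.9" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};
const ADVISORY = ["@tanstack/query-core@0.0.2", "constructed-secondary-pkg@9.9.9"];

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; the package
// name is whatever follows the last "node_modules/" segment.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Report every installed copy that is in `scope` or listed in `advisory`.
function auditLock(lock, scope, advisory) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    // lockfileVersion 1 files have no "packages" map and are not handled here.
    throw new Error("lockfile has no 'packages' map (lockfileVersion 2 or 3 required)");
  }
  const listedIds = new Set(advisory);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = packageNameFromPath(path);
    if (name === null) continue; // root project or workspace entry
    const listed = listedIds.has(`${name}@${meta.version}`);
    if (!listed && !name.startsWith(scope + "/")) continue;
    findings.push({
      name,
      version: meta.version,
      path,
      // true when the copy is installed under another package's node_modules
      nested: path.indexOf("node_modules/") !== path.lastIndexOf("node_modules/"),
      listed,
    });
  }
  return findings;
}

for (const f of auditLock(SAMPLE_LOCK, "@tanstack", ADVISORY)) {
  console.log(`${f.listed ? "LISTED" : "review"}  ${f.name}@${f.version}  (${f.path})`);
}
```

Nested copies matter because a package can arrive through a dependency even when the project never lists it directly.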

