OpenAI confirms limited data theft after supply chain attack tied to TanStack malware updates

Only employee code repos were hit, OpenAI says
OpenAI says hackers stole limited credential data from a small subset of internal source code repositories accessed by two employees, after a supply chain attack affected their devices. The company reports no evidence that user data, production systems, intellectual property, or existing software installations were compromised. OpenAI traces the incident to an earlier TanStack open source breach, where attackers published 84 malicious software versions over a six-minute window. OpenAI is rotating signing certificates as a precaution, requiring macOS updates.
- Two OpenAI employees had devices impacted, company said
- No evidence of user data access or production compromise
- Attack led to credential theft from limited internal repos
- TanStack breach included 84 malicious versions in six minutes
- Malware aimed to steal credentials and self-propagate
- OpenAI is rotating digital certificates; macOS users must update
This summarization was done by Beige for a story published on TechCrunch.
