OpenAI said no customer data was compromised after attackers used malicious open-source TanStack npm packages to target employee devices in a broader “Mini Shai-Hulud” software supply-chain campaign.
OpenAI said it found no evidence that customer data was accessed after a software supply-chain attack involving malicious versions of the open-source TanStack npm packages compromised two employee devices in its corporate environment.
In a security update, OpenAI said the attackers conducted “unauthorised access and credential-focused exfiltration activity” and that only “limited credential material was successfully exfiltrated.” The company added that there was no evidence customer data, production systems, intellectual property, or software code were compromised.
The incident was linked to the broader “Mini Shai-Hulud” campaign targeting open-source developer ecosystems including npm and PyPI.
According to a TanStack postmortem published on 11 May, attackers uploaded 84 malicious versions across 42 @tanstack/* npm packages after exploiting weaknesses in GitHub Actions workflows and CI/CD cache systems.
Cybersecurity firm Snyk and researchers cited by Tom’s Hardware said the malicious packages were designed to steal GitHub tokens, cloud API keys, npm credentials, and CI/CD secrets.
The wider campaign reportedly affected projects linked to Mistral AI, UiPath, and OpenSearch.
OpenAI said it isolated impacted systems, revoked sessions, rotated credentials, and updated security certificates as a precautionary measure. The incident has renewed scrutiny around growing security risks across open-source software supply chains and developer package ecosystems.
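The attack described above landed through malicious versions of otherwise legitimate @tanstack/* packages, so one practical defender check is to inventory every @tanstack/* entry in a project's package-lock.json and flag anything not on a reviewed allow-list, anything carrying an install script, or anything resolved from an unexpected registry. The following is an added example, not code from OpenAI, TanStack or Snyk; the lockfile content, the version numbers and the allow-list are constructed placeholders (the real known-bad versions come from the TanStack postmortem, not from this script).

```python
import json

# Constructed sample in npm lockfileVersion 3 layout; not a real project's lockfile.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"@tanstack/react-query": "^5.0.0"}},
        "node_modules/@tanstack/react-query": {
            "version": "5.99.0",
            "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.99.0.tgz"},
        "node_modules/@tanstack/query-core": {
            "version": "5.98.0",
            "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.98.0.tgz",
            "hasInstallScript": True},  # npm records this when a package has install hooks
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
    },
})

# Placeholder allow-list of versions a team has reviewed and pinned (assumption, not real data).
ALLOWED = {"@tanstack/react-query": {"5.99.0"}, "@tanstack/query-core": {"5.99.0"}}
DEFAULT_REGISTRY = "https://registry.npmjs.org/"


def package_name(lock_path):
    # "node_modules/@scope/name" or nested "node_modules/a/node_modules/@scope/name"
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text, scope="@tanstack/", allowed=ALLOWED):
    """Return (name, version, reasons) for each in-scope package that needs review."""
    lock = json.loads(lock_text)
    findings = []
    for lock_path, meta in lock.get("packages", {}).items():
        name = package_name(lock_path)
        if not name.startswith(scope):
            continue  # the root entry ("") and unrelated packages are skipped
        version = meta.get("version")
        reasons = []
        if version not in allowed.get(name, set()):
            reasons.append("version not in allow-list")
        if meta.get("hasInstallScript"):
            reasons.append("has install script")
        resolved = meta.get("resolved", "")
        if resolved and not resolved.startswith(DEFAULT_REGISTRY):
            reasons.append("resolved from non-default registry")
        if reasons:
            findings.append((name, version, reasons))
    return findings


if __name__ == "__main__":
    for name, version, reasons in audit_lockfile(SAMPLE_LOCK):
        print(f"REVIEW {name}@{version}: {', '.join(reasons)}")
```

Point the script at a real lockfile with `audit_lockfile(open("package-lock.json").read())` and populate ALLOWED from the versions your team has actually verified.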