No user data leaked in OpenAI security alert
OpenAI has identified a security issue involving a widely used third-party developer tool but says there is no evidence that user data was accessed or compromised.
The issue is linked to Axios, a popular developer library that was reportedly compromised on March 31 as part of a broader software supply chain attack. The attackers are believed to be associated with North Korean hacking groups, News.Az reports, citing Reuters.
According to OpenAI, the incident affected an internal automation process using GitHub Actions, which mistakenly downloaded and executed a malicious version of Axios. This workflow had access to sensitive signing tools used to verify the authenticity of OpenAI’s macOS applications.
RECOMMENDED STORIES
Despite the breach in the development pipeline, OpenAI emphasized that:
- User data was not accessed
- Internal systems and intellectual property remain secure
- No software was altered or tampered with
The company added that its investigation suggests the attackers were likely unable to extract critical signing certificates, limiting the potential damage.
As a precaution, OpenAI is strengthening its security certifications and urging all macOS users to update their apps to the latest versions. This step is aimed at preventing any risk of fake or malicious versions of OpenAI software being distributed.
Affected apps include:
- ChatGPT Desktop
- Codex
- Codex CLI
- Atlas
OpenAI also confirmed that passwords and API keys were not impacted.
Starting May 8, older versions of OpenAI’s macOS applications will:
- No longer receive updates
- Lose official support
- Potentially stop working
The company traced the issue back to a misconfiguration in its GitHub Actions workflow, which has now been fixed.
This incident highlights the growing risk of supply chain attacks, where hackers target trusted third-party tools to infiltrate larger systems. Even major tech companies like OpenAI are not immune—but in this case, early detection prevented a wider breach.
By Aysel Mammadzada
Similar news
