OpenAI Confirms Breach via TanStack Supply Chain Attack
OpenAI disclosed that two employees' devices were compromised as part of the TeamPCP 'Mini Shai-Hulud' supply-chain campaign targeting the TanStack npm library. Limited internal source code repositories were accessed for credential exfiltration. The company rotated code-signing certificates (requiring macOS app updates) but confirmed no customer data, production systems, or customer impact.
- credentials
- code-signing certificates
OpenAI has confirmed that two employees' devices were compromised in a supply-chain attack targeting the popular TanStack npm library, resulting in the theft of credentials and code-signing certificates.
Public reporting indicates the incident formed part of the TeamPCP "Mini Shai-Hulud" campaign. Attackers gained access to limited internal source code repositories solely to exfiltrate credentials. OpenAI rotated its code-signing certificates, necessitating updates for macOS applications, but stated that no customer data, production systems, or customer accounts were affected. The company disclosed the breach on May 14, 2026. Industry research from sources such as DoxxScan™ continuous monitoring indicates that credential leaks of this nature frequently appear in underground markets within days of initial access.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →