OpenAI Confirms No User Data Compromised in TanStack npm Supply-Chain Attack
Severity: Medium (Score: 51.9)
Sources: News.Az, www.reuters.com, Thenextweb
Summary
OpenAI reported that no user data was accessed during a supply-chain attack involving the TanStack npm library. The attack occurred on May 11, 2026, when 84 malicious packages were published through TanStack's legitimate release pipeline after an attacker hijacked the project's GitHub Actions runner. Two corporate laptops at OpenAI were affected and limited credential material was exfiltrated, but passwords and API keys remained secure. The malicious packages were linked to the Mini Shai-Hulud campaign, which has compromised over 170 packages across npm and PyPI with a cumulative download count exceeding 518 million. OpenAI is currently isolating the affected machines and rotating credentials while restricting code-deployment workflows. The company emphasized that its product surface was not compromised, framing the incident as a workplace IT issue rather than a customer-facing security event.
Key Points
- OpenAI confirmed no user data was accessed during the TanStack npm supply-chain attack.
- The attack involved 84 malicious packages published through TanStack's legitimate release pipeline.
- OpenAI is isolating affected systems and rotating credentials while restricting code-deployment workflows.
Key Entities
- Supply Chain Attack (attack_type)
- Worm (attack_type)
- Aqua Security (company)
- Guardrails AI (company)
- Mistral AI (company)
- OpenAI (company)
- TanStack (company)
- Bitwarden (tool)
- OpenSearch (tool)
- GitHub Actions (tool)
- Trivy (tool)
- news.az (domain)
- Mini Shai-Hulud (malware)
- Shai-hulud 2.0 (malware)
- T1003 - OS Credential Dumping (mitre_attack)
- T1195 - Supply Chain Compromise (mitre_attack)
- macOS (platform)
- TanStack Npm Library (platform)