Openai · CNBC Technology
The ChatGPT maker confirmed it surfaced no evidence that its user data was accessed
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
◌ Single Source
OpenAI said on Friday it had identified a security issue involving a third-party developer tool called Axios and is taking steps to protect the process that certifies its macOS applications are legitimate OpenAI apps.
Key facts
- According to OpenAI, Axios, a widely used third-party developer library, was compromised on March 31, as part of a broader software supply chain attack by actors believed to be linked to North Korea
- Effective May 8, older versions of OpenAI's macOS desktop apps will no longer receive updates or support, and may not be functional, the ChatGPT maker said
- This attack led a GitHub Actions workflow used by OpenAI to download and execute a 'malicious' version of Axios
- Passwords and OpenAI API keys were not affected by the third-party security issue, the company said, adding that the root cause of the security incident was a misconfiguration in the GitHub Actions
Summary
The ChatGPT maker said it found no evidence that its user data was accessed, that its systems or intellectual property was compromised, or that its software was altered. * The company said it is updating its security certifications, requiring all macOS users to update their OpenAI apps to the latest versions to help prevent any risk of someone attempting to distribute a fake app. * According to OpenAI, Axios, a widely used third-party developer library, was compromised on March 31, as part of a broader software supply chain attack by actors believed to be linked to North Korea. * This attack led a GitHub Actions workflow used by OpenAI to download and execute a 'malicious' version of Axios.