
"In case you missed it, which would have been easy to do given the timing, OpenAI -- the company responsible for generative AI solutions like ChatGPT and Sora -- announced on Thanksgiving eve that some of its customer data had been stolen as the result of a type of cyber intrusion known as a supply chain attack. A supply chain attack occurs when, in targeting a major tech brand like OpenAI, threat actors launch their attack against one of the third-party solutions used by that brand."
"If you're a cybercriminal and the main target of your attack (in this case, OpenAI) is doing a good job with its defenses, there's always a chance that one of its suppliers is vulnerable. For the hundreds of global brands whose Salesforce data was stolen, the threat actors also conducted a supply chain attack on Salesloft's Drift, a third-party Salesforce add-on used by many Salesforce customers to integrate AI-driven chatbot functionality into their websites and apps."
OpenAI confirmed that some customer data was exfiltrated in a supply-chain attack that targeted Mixpanel, a third-party analytics provider. The breach affected only visitors to OpenAI's API documentation and caused minimal but noteworthy damage. Mixpanel detected the intrusion on November 8, notified OpenAI on November 9, and provided additional details on November 25. OpenAI has ceased using Mixpanel. Supply-chain attacks increasingly target vendors used by large tech companies; examples include attacks on Salesloft's Drift that exposed Salesforce customer data. The article's disclosure notes that Ziff Davis filed an April 2025 lawsuit alleging OpenAI used its copyrights for model training.
Read at ZDNET