OpenAI Codex Suffers Data Breach After Hackers Target Android App Repository
openai
| Source: Mastodon | Original article
OpenAI Codex users targeted in supply chain attack. Authentication tokens stolen via malicious npm package.
Cybersecurity researchers have uncovered a malicious supply chain campaign targeting developers using OpenAI Codex through a legitimate-looking remote web UI called codexui-android. This tool, available on GitHub and npm, has been secretly stealing OpenAI authentication tokens for the past month, with thousands of weekly users unknowingly affected.
As we reported on June 2, OpenAI has been facing several challenges, including a lawsuit over ChatGPT safety failures and the availability of its frontier models and Codex on AWS. This latest incident highlights the growing concern of AI-related security risks. The stolen authentication tokens could be used to access sensitive information and compromise the security of developers' projects.
The incident is a significant concern for the AI community, and developers who have used codexui-android should immediately review their security settings and consider revoking their OpenAI authentication tokens. It remains to be seen how OpenAI will respond to this incident and what measures will be taken to prevent similar attacks in the future.
Sources
Back to AIPULSEN