Organizations whose developers or ML engineers installed this package may have exposed production credentials, SSH private keys, VPN access configurations, and browser-stored passwords — providing an attacker persistent access to internal systems and cloud environments. Cryptocurrency assets held in affected wallet software face direct theft risk. If compromised credentials accessed cloud infrastructure, SaaS platforms, or source code repositories, the downstream impact can extend to customer data, intellectual property, and production system integrity well beyond the initial endpoint.
You Are Affected If
Developers, data scientists, or ML engineers installed 'open-oss-privacy-filter' from Hugging Face on a Windows workstation or pipeline runner
The affected system runs Chromium-based browsers (Chrome, Edge, Brave) or Gecko-based browsers (Firefox) with stored credentials or active sessions
The affected system has cryptocurrency wallet software, FileZilla, SSH clients, FTP clients, or VPN clients with saved credentials
CI/CD pipelines or ML workflow automation download Hugging Face packages without pre-installation integrity verification or allowlisting
npm is used in the same environment and packages associated with WinOS 4.0 infrastructure were installed (infrastructure overlap identified by HiddenLayer)
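The audit and allowlisting gap described in the list above can be checked on a workstation or pipeline runner with a short script. The following is an added example, not code from this advisory or from Hugging Face: it walks a Hugging Face hub cache directory, flags the package named here, and reports repositories that are not on an allowlist or not at their pinned commit. The allowlist entries, the example-org and unknown-user names, and the sample cache tree are constructed, and it assumes the package was fetched through the standard hub cache layout.

```python
import re
import tempfile
from pathlib import Path

# Name taken from this advisory. The publishing account is not given here,
# so matching is on the repository name alone.
FLAGGED_NAMES = {"open-oss-privacy-filter"}
# Hypothetical allowlist: repo id -> pinned commit hash (constructed values).
ALLOWLIST = {"example-org/approved-model": "a" * 40,
             "example-org/drifted-model": "b" * 40}
# Hub cache folders are named <type>--<owner>--<name>.
CACHE_DIR = re.compile(r"^(?:models|datasets|spaces)--(.+)$")

def audit_hub_cache(hub_dir, allowlist=ALLOWLIST, flagged=FLAGGED_NAMES):
    """Return a list of (repo_id, verdict) for each cached repository."""
    findings = []
    for entry in sorted(Path(hub_dir).iterdir()):
        match = CACHE_DIR.match(entry.name)
        if not (match and entry.is_dir()):
            continue
        repo_id = match.group(1).replace("--", "/")
        snapshots = entry / "snapshots"
        revisions = {p.name for p in snapshots.iterdir()} if snapshots.is_dir() else set()
        if repo_id.rsplit("/", 1)[-1].lower() in flagged:
            verdict = "FLAGGED"            # isolate host, rotate credentials
        elif repo_id not in allowlist:
            verdict = "NOT_ALLOWLISTED"    # downloaded without approval
        elif revisions - {allowlist[repo_id]}:
            verdict = "UNPINNED_REVISION"  # approved repo, unreviewed commit
        else:
            verdict = "OK"
        findings.append((repo_id, verdict))
    return findings

def build_sample_cache(root):
    """Create a constructed cache tree so the audit runs offline."""
    for folder, rev in [("models--example-org--approved-model", "a" * 40),
                        ("models--example-org--drifted-model", "c" * 40),
                        ("models--unknown-user--open-oss-privacy-filter", "d" * 40),
                        ("datasets--example-org--scratch", "e" * 40)]:
        (Path(root) / folder / "snapshots" / rev).mkdir(parents=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for repo_id, verdict in audit_hub_cache(build_sample_cache(tmp)):
            print(f"{verdict:18} {repo_id}")
```

To audit a real system, pass the hub cache path to audit_hub_cache; by default this is the .cache/huggingface/hub folder under the user's home directory.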
Board Talking Points
A fake AI tool package disguised as an OpenAI product was downloaded 244,000 times and installed credential-stealing software on Windows machines, putting any organization whose developers installed it at risk of system compromise.
Security teams should immediately audit developer and data science environments for the package, isolate affected systems, and rotate all credentials from those machines — this week.
Organizations that take no action on affected systems risk an attacker maintaining persistent access through stolen credentials long after the initial infection, potentially reaching production infrastructure and customer data.
GDPR — credential theft targeting browser session data and SSH/VPN configurations on developer systems may constitute a personal data breach if compromised access reaches systems processing EU personal data; notification obligations may apply
PCI-DSS — if browser-stored credentials or VPN configurations on affected systems provide access to cardholder data environments, this constitutes a potential CDE compromise requiring incident response under PCI-DSS v4.0 requirement 12.10