Apple компани өөрийн нууц мэдээллийг хулгайлж, хуучин ажилтнуудаа татан авсан хэмээн OpenAI-г шүүхэд дууджээ.
Apple-ийн мэдээлснээр, систем хариуцсан цахилгааны инженер Чан Лю нь тус компаниас гарсныхаа дараа OpenAI-д ажиллах хугацаандаа дотоод сүлжээнд нэвтэрч, нууц файлуудыг хулгайлсан байна. Тэрээр өмнө нь ашиглаж байсан ажлын компьютер болон Apple-ийн өөр нэг ажилтны эрхийг ашиглан, тус компанид урьд өмнө бүртгэгдээгүй байсан “zero-day” буюу системийн ноцтой сул талыг ашиглан нэвтэрчээ. Чан Лю нь энэхүү үйлдлийнхээ талаар OpenAI-ийн ажилтанд “сүлжээнд нэвтэрч чадсандаа гайхаж байна” гэх утгатай зурвас илгээсэн нь шүүхэд гаргасан гомдолд дурдагдсан байна.
Хулгайлагдсан файлуудад Apple-ийн зах зээлд гараагүй бүтээгдэхүүнүүдийн техникийн үзүүлэлт, инженерийн танилцуулга болон бусад өмчийн мэдээллүүд багтсан аж. Apple компани тухайн үед системийн сул талыг засварлаж, холбогдох ажилтны нэвтрэх эрхийг хаасан боловч тус компаниас гарсан ажилтнуудын мэдээллийн аюулгүй байдлыг хангах асуудал энэ тохиолдлоор дахин хөндөгдөж байна.
Apple компани Калифорни муж улсын Холбооны дүүргийн шүүхэд гомдол гаргасан бөгөөд шүүх хурал энэ онд багтаан эхлэх төлөвтэй байна. Одоогоор Apple-ийн зүгээс системийн сул тал болон ажилтны нэвтрэх эрхийг хэзээ бүрмөсөн хаасан талаарх тодруулгад хариу өгөөгүй байна.
Дэлгэрэнгүйг эх сурвалжаас харах
↓Эх сурвалжийг нээх ↓
On Friday, Apple dropped the bombshell news it was suing OpenAI over the alleged theft of trade secrets, claiming that OpenAI stole Apple’s confidential data and engaged in efforts to learn proprietary information while recruiting former Apple employees.
In accusing OpenAI of stealing secrets about Apple’s unreleased products, Apple revealed that a former employee allegedly siphoned reams of sensitive files from the company’s shared network folders, weeks after leaving Apple for a job at OpenAI.
In its complaint, Apple says the former employee, a system electrical engineer named Chang Liu, allegedly “exploited a rare, previously unknown authentication bug” that allowed access to the company’s network. The bug is classified as a zero-day vulnerability, meaning that Apple had no time to fix it before it was allegedly exploited.
Apple has since fixed the bug and said it terminated the employee’s access once it learned of this “security breach.” In its complaint, Apple said the bug could have allowed a “few other” people to access data on its network, but alleged that only Liu exploited the bug to steal Apple’s confidential information while no longer an employee, citing a check of its server logs.
The disclosure, while light in detail, highlights the challenges that organizations face with protecting sensitive corporate data after employees no longer work there. Companies often move to immediately cut off departing staff from further access to protect any sensitive information from leaving, including inadvertently. Companies that fail to fully decommission their employees’ accounts can face future security lapses, data breaches, or malicious actions by disgruntled staff.
Apple spokespeople did not respond to an email from TechCrunch with questions about the security vulnerability, how it was exploited, and when the company decommissioned the employee’s credentials.
“LOL… so funny.”
In the complaint, Apple alleged that Liu took “dozens of Apple’s confidential hardware-related files” over the course of several weeks while as a new OpenAI employee.
Apple said the files contained “detailed information about unreleased products, engineering presentations, technical specifications, and proprietary project data.”
The company claims Liu failed to return the Apple-issued work laptop he had previously used to access Apple’s network, suggesting it was once able to send and receive files from Apple’s internal systems. The complaint said that Liu allegedly claimed to have “another computer.”While he was at OpenAI, Liu also allegedly misused the access of an acquaintance, Yu-Ting Peng, a then-Apple employee who later went to work for OpenAI. Liu allegedly used Peng’s Apple-issued work laptop “while she was still employed at Apple and he was not.”
Apple said that during February 2026, Liu “tried to access Apple’s network storage — a cloud-based file repository containing Apple’s confidential engineering files, project documentation, and other proprietary information.”
Liu had allegedly discovered that he “still could access Apple’s network repository after leaving Apple, the result of a then-unknown authentication vulnerability.”
Apple did not describe the authentication “bug” that Liu allegedly used to access Apple’s network. However, authentication bugs generally refer to flaws in the login process that allow improper access to systems or data, either because of a weakness in how the login mechanism works or due to a misconfiguration, such as overbroad permissions or not decommissioning the login credentials of a former employee.
Apple wrote in its complaint that when Liu learned he had unauthorized access to Apple’s systems, he did not report the bug to Apple under his employment agreement obligations, nor did he return his Apple-issued work laptop.
The complaint added that Liu also failed to “delete the program that allowed the access” to Apple’s network. The company did not say what program or app that Liu allegedly used to access Apple’s systems. It’s not uncommon for employees to have tools, such as a work-approved VPN or remote-viewing app, that allow them to access sensitive data from outside of the company’s offices using their credentials.
Given that Liu was previously granted credentials to Apple’s network as an employee, TechCrunch asked Apple when the company decommissioned Liu’s access, but we did not hear back.
Once Liu allegedly gained access to the network share, he wrote to Peng: “LOL, I found out I can access the [network storage], so funny.”
Apple filed its suit in the U.S. District Court for the Northern District of California in San Jose, and has demanded a jury trial. The case, if it proceeds, could begin this year.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

