The complaint filed in the U.S. District Court for the Northern District of California outlines a breach involving a zero-day vulnerability. According to Apple, Liu discovered he maintained remote access to internal repositories long after his departure. Instead of reporting the flaw, the engineer allegedly used the security gap to download dozens of proprietary hardware files, engineering presentations, and unreleased project specifications.
Apple Sues Former Engineer for Exploiting Zero-Day to Steal Trade Secrets
Apple has launched a legal battle against OpenAI, alleging that a former staffer used a previously unknown authentication flaw to siphon sensitive product data. The lawsuit claims that system engineer Chang Liu accessed restricted network folders for weeks after departing the company for a new role at OpenAI.

Evidence cited in the filing suggests the breach involved more than just software exploits. Apple alleges that Liu retained his company-issued laptop and further bypassed security by using the credentials of a former colleague, Yu-Ting Peng, who also moved to OpenAI. Internal communications captured in the logs show Liu mocking the security oversight, messaging Peng, "LOL, I found out I can access the network storage, so funny." Apple has since patched the vulnerability and terminated the unauthorized access, but the case underscores the persistent risks of failing to fully decommission credentials for departing personnel.




Comments (0)
No comments yet. Be the first!