Leaders are asking to suspend all products until further notice.
29 replies (most recent on top)
@bf that guy is useless, will pi-s down your back and tell you it’s raining…
We are doing the needful. wobbles head
Love watching this titanic sink from the sidelines LOL
@bd Imagine thinking anyone who posted a write-up like that is some id--t from offshore. The id--ts from offshore are the people going "uhh I think I'm affected, I have version 0.1.0 even though it says 4.1.1 of this package is affected, I better say we're impacted!"
Just look at the ESRO channel, it's a nonstop slew of this incompetence.
@ar those offshore are all busy doing their other jobs
All y'all pointing out why this isn't an issue need to find other jobs, this company is too fu--ing re--rded to have you.
@a2 this is re*arded. Unless you installed the package AFTER a malicious version was uploaded there is nothing to worry about. 99% of all other web apps use npm and you don’t see them taking down all production builds. Leadership and security simply do not know what they are doing.
Just like foreign actors have taken over your government, they own your code and technology. America can be shut off at any moment they want. But they prefer to steal your IP first. Be prepared, America, it is happening.
Well I recommend we just attach the flux capacitor, do some jswing object compression, bang the boss, then throw the nearest competitor under the bus, hit on my peer, then lie about what’s going on. Finally sit on my hill and play with my trumpet.
The guy on the call whose profile picture is him in a helicopter is d-mber than a bag of bricks. He is the guy demanding everyone stop all work. He was telling people that clearing their NPM cache on their MacBooks will fix the issue, and ESRO is pointing all teams to go to him for approval to "continue coding". It's insane.
Looks like Billy Badass the middle-manager got done fingering his a--hole long enough to hurl more useless insults at us.
@bb It's because "yessir we did the needful" doesn't cut it anymore, fu--ing sack of sh-t liars
@b9 Are the adults in the room with you right now?
For those who might not be familiar with NPM, it is the package manager for NodeJS (JavaScript/TypeScript). Yesterday, 400ish packages received an update that included malicious code that attempts to self-replicate and steal environment variables from your local computer and through GitHub Actions.
Here’s why it doesn’t matter:
- Anyone using NPM will generally have a lock file which specifies the package and version number. Even if you did use one of these more obscure packages, you would have had to upgrade or install it for the first time yesterday during a specific 4-hour window.
- The site that the code sends your environment variables to was taken down yesterday afternoon, completely nulling the effects.
- Because of the obscurity of these packages, I doubt almost any repo had them installed even as sub dependencies.
- The infected versions have already been deleted from NPM.
Yet, Optum has decided to stop all engineering work. They are literally a day late at this point anyway. The so-called tech leaders don’t understand anything about this problem and don’t trust their own employees who do. That’s why they make these uninformed decisions to just stop all work. If we had anyone competent at the helm, this would just be another day at the office.
It’s not a breach. They are overreacting to a software supply chain hack that affected almost no one yesterday. Their lack of technical knowledge is shiny bright.
@b8 You're welcome to explain how this company is actually impacted. We'll wait. Because the adults in the room know how easily this issue is avoided.
@b2 Most companies don't have the liability issues UHG does shitbrain.
@an You're an id--t
@a3 Why your comment get downvoted, but the mo--n with no experience who responded with 'it big security issue, we in same boat' get to +11? Y'all aren't serious people, who let offshore on here? If this was as big an issue as Optum/UHG is making it out to be, every other company would be shutting sh-t down like we are because YES, like 99% of everyone with a modern webapp uses NPM. But other companies aren't filled with mo--ns running around in security.
Have they tried asking Copilot how to fix it?
Not gonna lie, it's pretty hilarious sitting on this call with ESRO trying to page these teams that are fully offshore to confirm they are not impacted, and no one is joining.
It's not a breach and not a 'big security issue.' It's an over-reaction.
It's a compromise of some very obscure packages that most teams likely are not using, it's very easy to check if your dependencies are affected. You would've also had to have deliberately updated one of these packages during a window in which these packages were affected. The possibility of this company even being impacted, even to a minimal extent by this, is astronomically low.
This is not a targeted attack on our company à la what happened with Change Healthcare, and not a bigger issue like the log4j vulnerability from a few years back. This is an issue of Optum/UHG offshoring all of its brainpower to the point that it doesn't understand how to respond to stuff like this, and offshoring the talent that could've determined if their team was impacted.
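The check that the write-up above and this reply describe (is any exact name@version pair from the advisory pinned in our lock file?) as an added example. This is not code from anyone in the thread and not npm's own tooling; the compromised list and the two sample lock files below are constructed for the example, and the package names in them are made up rather than taken from the advisory.

```javascript
// Added example: scan an npm lock file for exact package@version pairs that an
// advisory lists as compromised. Handles lockfile v1 (nested `dependencies`
// tree) and v2/v3 (`packages` keyed by install path).

// Constructed for this example; a real run would paste the advisory's list here.
const COMPROMISED = new Set([
  "@example/tinycolor@4.1.1",
  "@example/tinycolor@4.1.2",
  "example-sdk-helper@2.0.5",
]);

// v2/v3 paths look like "node_modules/@scope/name" or, for a nested copy,
// "node_modules/a/node_modules/@scope/name"; the name is after the last segment.
function nameFromPath(p) {
  const marker = "node_modules/";
  const i = p.lastIndexOf(marker);
  return i === -1 ? p : p.slice(i + marker.length);
}

// Walk a v1 `dependencies` tree, which nests transitive dependencies.
function* walkV1(deps, parent) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = parent ? `${parent} > ${name}` : name;
    yield { name, version: meta.version, path };
    if (meta.dependencies) yield* walkV1(meta.dependencies, path);
  }
}

// Yield every {name, version, path} the lock file pins, whatever its format.
function* entries(lock) {
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === "") continue; // the root project entry, not a dependency
      yield { name: meta.name || nameFromPath(p), version: meta.version, path: p };
    }
  } else {
    yield* walkV1(lock.dependencies, "");
  }
}

// Match on the exact name@version. A different version of the same package is
// not a hit, which is the 0.1.0-versus-4.1.1 confusion the thread complains about.
function findCompromised(lock, compromised = COMPROMISED) {
  const hits = [];
  for (const e of entries(lock)) {
    if (compromised.has(`${e.name}@${e.version}`)) hits.push(e);
  }
  return hits;
}

// Read and scan a real package-lock.json from disk.
function scanFile(file) {
  const fs = require("node:fs");
  return findCompromised(JSON.parse(fs.readFileSync(file, "utf8")));
}

// Constructed v3 lock file: one compromised copy at the top level, plus a
// nested 0.1.0 copy of the same name that must NOT match.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/@example/tinycolor": { version: "4.1.1" },
    "node_modules/example-sdk-helper": { version: "1.9.0" },
    "node_modules/some-lib": { version: "2.2.0" },
    "node_modules/some-lib/node_modules/@example/tinycolor": { version: "0.1.0" },
  },
};

// Constructed v1 lock file: the only hit is a transitive dependency.
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "@example/tinycolor": { version: "0.1.0" },
    "some-lib": {
      version: "2.2.0",
      dependencies: { "example-sdk-helper": { version: "2.0.5" } },
    },
  },
};

console.log("v3 hits:", findCompromised(SAMPLE_V3));
console.log("v1 hits:", findCompromised(SAMPLE_V1));
```

`scanFile("package-lock.json")` runs the same check against a real lock file; an empty result means nothing pinned in that repo matches the advisory, which is a stronger statement than "we don't depend on that package", because a nested copy pulled in by some other library would still show up under its install path.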
probably by someone outside the US eyeroll
This virus has been out and in the news for multiple days now, so if it were a precaution, we would have been hearing about it before. My hunch is a team pulled the malware into our sEcUrE corporate cloud environments.
It's this:
https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
Received a call from Global Crisis Management to stop using apps until further notice. Something is going on.
Related to the NPM supply chain issue where it exfiltrates GCP/AWS/Azure secrets from GitHub Actions.
Who coulda seen this coming?
Our team is not impacted, but based on the panic and the impacted libraries, I'm guessing either UI teams or security. It was the tinycolor library and CrowdStrike libraries that were hijacked.
To be fair, this appears to not be related just to Optum/UHG but all companies.
It's a big security issue. We are in the same boat.