OpenAI says it is investigating after a hacker claimed to have swiped login credentials for 20 million of the AI firm’s user accounts—and put them up for sale on a dark web forum.
The pseudonymous breacher posted a cryptic message in Russian advertising “more than 20 million access codes to OpenAI accounts,” calling it “a goldmine” and offering potential buyers what they claimed was sample data containing email addresses and passwords. As reported by Gbhackers, the full dataset was being offered for sale “for just a few dollars.”
Image: Gbhackers
“I have over 20 million access codes for OpenAI accounts,” emirking wrote Thursday, according to a translated screenshot. “If you’re , reach out—this is a goldmine, and Jesus agrees.”
If legitimate, this would be the third major security incident for the AI company since the launch of ChatGPT to the public. Last year, a hacker gained access to the company’s internal Slack messaging system. According to The New York Times, the hacker “stole details about the design of the company’s A.I. technologies.”
Before that, in 2023 an even simpler bug involving jailbreaking prompts allowed hackers to obtain the private data of OpenAI’s paying customers.
This time, however, security researchers aren’t even sure a hack occurred. Daily Dot reporter Mikael Thalen wrote on X that he found invalid email addresses in the supposed sample data: “No evidence (suggests) this alleged OpenAI breach is legitimate. At least two addresses were invalid. The user’s only other post on the forum is for a stealer log. Thread has since been deleted as well.”
No evidence this alleged OpenAI breach is legitimate.
Contacted every email address from the purported sample of login credentials.
At least 2 addresses were invalid. The user’s only other post on the forum is for a stealer log. Thread has since been deleted as well.
— Mikael Thalen (@MikaelThalen) February 6, 2025
OpenAI takes it ‘seriously’
In a statement shared with Decrypt, an OpenAI spokesperson acknowledged the situation while maintaining that the company’s systems appeared secure.
“We take these claims seriously,” the spokesperson said, adding: “We have not seen any evidence that this is connected to a compromise of OpenAI systems to date.”
The scope of the alleged breach sparked concerns due to OpenAI’s massive user base. Millions of users worldwide rely on the company’s tools like ChatGPT for business operations, educational purposes, and content generation. A legitimate breach could expose private conversations, commercial projects, and other sensitive data.
Until there is a final report, some preventive measures are always advisable:
Go to the “Configurations” tab, log out from all connected devices, and enable two-factor authentication or 2FA. This makes it virtually impossible for a hacker to gain access to the account, even if the login and passwords are compromised.
If your bank supports it, then create a virtual card number to manage OpenAI subscriptions. This way, it is easier to spot and prevent fraud.
Always keep an eye on the conversations stored in the chatbot’s memory, and be aware of any phishing attempts. OpenAI does not ask for any personal information, and any payment update is always handled through the official OpenAI.com link.
Edited by Andrew Hayward