Openai says it is investigating after claiming that hackers have swiped 20 million login credentials for user accounts of AI companies and claiming it will be sold on dark web forums.
The pseudonymous Bleacher is called “over 20 million access codes to Openai accounts” in Russian ads, and is sample data that includes an email address and password to potential buyers. provided to potential buyers who claim to be. As reported by Gbhackers, the complete dataset was on sale “for just a few dollars.”
Image: gbhackers
Emile King wrote Thursday, according to translated screenshots. “If you’re interested, reach out. This is a gold mine, and Jesus agrees.”
If it’s legal, this will be the third major security incident for an AI company since ChatGpt was released to the public. Last year, hackers had access to the company’s internal slack messaging system. According to The New York Times, the hackers “stole details about the company’s AI technology design.”
Previously, in 2023, a simpler bug involving a jailbreak prompt allowed hackers to retrieve personal data from paid OpenAI customers.
However, this time, security researchers are not sure the hack has occurred. Daily dots Reporter Michael Taran wrote to X that he found an invalid email address in the expected sample data: The logs have also been deleted. ”
There is no evidence that this alleged Openai violation is justified.
I contacted all my email addresses from sample login credentials.
At least two addresses were invalid. The only other post on the user’s forum is for Steeler Log. The thread has also been deleted. https://t.co/ykpmxkqhsp
– Michael Talen (@mikaeltalen) February 6, 2025
Openai makes it “serious”
In a shared statement DecryptionOpenai spokesman acknowledged the situation, claiming that the company’s systems look safe.
“We take these claims seriously,” the spokesman added:
The scope of the suspicious violations has sparked concerns due to Openai’s large user base. Millions of users worldwide rely on company tools such as CHATGPT for business operations, educational purposes and content generation. A legitimate violation could make public personal conversations, commercial projects, or other sensitive data.
Several precautions are always recommended until the final report arises.
- Go to the (Configuration) tab, log out of all connected devices and enable 2-factor authentication or 2FA. This makes it virtually impossible for hackers to access your account, even if your login and password are compromised.
- If your bank supports it, create a virtual card number to manage your OpenAI subscription. This makes it easier to spot and prevent fraud.
- Always be aware of conversations stored in the chatbot’s memory and phishing attempts. Openai does not request personal information and payment updates are always processed via the official Openai.com link.
Edited by Andrew Hayward
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
