The hacker claims to have listed the login credentials for 20 million OpenAI user accounts. OpenAI says its investigation has found no evidence of a compromise
A hacker claims to be selling the login credentials of 20 million OpenAI users accounts – but the company says its own investigation has found no evidence of a hack. Malwarebytes Labs ( ) discovered that a cybercriminal by the name of ’emirking,’ had posted a dataset on a cybercrime website for sale. The dataset claimed to contain ‘20,000,000 access codes to OpenAI account’. OpenAI responded
by saying, “We take these allegations seriously.” We haven’t seen any evidence to date that this is related to a compromise of OpenAI Systems. Breaches such as these can have devastating consequences for both the company, and its users. Here’s what we know.
A story that seems unlikely? It’s an unlikely story? The credentials were obtained by infostealer malware.
KELA’s analysis of the sample revealed that the compromised logins were related to OpenAI services and contained authentication details for ‘auth0.openai.com.’
Sign-up for the TechRadar Pro Newsletter to get the latest news, opinions, features, and guidance that your business needs to be successful! The security researchers then compared these details to their own data lake “compromised accounts obtained from infostealer malware, which contains more than a billion records, including over 4 million bots collected in 2024.”
and found that “all credentials from the sample shared with the actor ’emirking,’ originated in these compromised accounts. This likely indicates the source of the 20 million OpenAI account the actor intends on selling,” the security firm confirmed.
The investigation concluded that “the majority of compromised credentials of OpenAI services offered for sale on BreachForums by emirking are not related to a breach of OpenaAI systems.”
the credentials were part of a larger data set “scraped from a mix of private and public sources that sell and share infostealer logs” and not from a non-reported compromise.
Staying Safe
Anyone whose credentials have been leaked is at Risk, no matter how they were obtained. This incident poses a major threat to identity theft and social engineering attacks.
Because AI chatbot users (sometimes unwittingly), hand over personal information to the bots, anyone with access could use their compromised email address to engineer phishing attacks that steal more information.
Asking a chatbot to recommend restaurants in your city, for budget advice, or to answer work-specific questions can give attackers the information they need to create a convincing message pretending to be someone else.
The best way to combat this is to be vigilant. Do not give out information to an unidentified person or unexpected contact you haven’t thoroughly checked first. Also, do not click on any links that you aren’t sure about.
Create a strong password and do not reuse it from one website to another. This will help you to quarantine any accounts that have been compromised.
The same process is used to reduce the risk of identity fraud. Keep an eye on all your accounts, bills, and statements to ensure that nothing is suspicious. Let your bank know immediately of any suspicious activity.
In addition, we have listed software that can do all the work for you. It will monitor your credit files and alert you to any suspicious activity. It will also alert you if your personal information has been used (such as opening new bank accounts in your name). Check out our top picks for the best identity theft protection policies for families. Some offer insurance policies and identity recovery up to $1,000,000.
You may also enjoy
- Check our list of the top firewall software available today
- A US health provider informs 882,000 patients that they were affected by the August 2023 hack
- As well as the best malware removal tools on the market right now
