OpenAI says it is investigating after a hacker claimed to have swiped login credentials for 20 million of the AI firm’s user accounts—and put them up for sale on a dark web forum.
The pseudonymous breacher posted a cryptic message in Russian advertising “more than 20 million access codes to OpenAI accounts,” calling it “a goldmine” and offering potential buyers what they claimed was sample data containing email addresses and passwords. As reported by Gbhackers, the full dataset was being offered for sale “for just a few dollars.”
“I have over 20 million access codes for OpenAI accounts,” emirking wrote Thursday, according to a translated screenshot. “If you’re interested, reach out—it’s a goldmine, and Jesus agrees.”
If legitimate, this would be the third major security incident for the AI company since the launch of ChatGPT to the public. Last year, a hacker gained access to the company’s internal Slack messaging system. According to The New York Times, the hacker “stole details about the design of the company’s A.I. technologies.”
Before that, in 2023 an even simpler bug involving jailbreaking prompts allowed hackers to obtain the private data of OpenAI’s paying customers.
This time, however, security researchers aren’t even sure a hack occurred. Daily Dot reporter Mikael Thalan wrote on X that he found invalid email addresses in the supposed sample data: “No evidence (suggests) this alleged OpenAI breach is legitimate. At least two addresses were invalid. The user’s only other post on the forum is for a stealer log. Thread has since been deleted as well.”
No evidence this alleged OpenAI breach is legitimate.
Contacted every email address from the purported sample of login credentials.
At least 2 addresses were invalid. The user’s only other post on the forum is for a stealer log. Thread has since been deleted as well. https://t.co/yKpmxKQhsP
In a statement shared with Decrypt, an OpenAI spokesperson acknowledged the situation while maintaining that the company’s systems appeared secure.
“We take these claims seriously,” the spokesperson said, adding: “We have not seen any evidence that this is connected to a compromise of OpenAI systems to date.”
The scope of the alleged breach sparked concerns due to OpenAI’s massive user base. Millions of users worldwide rely on the company’s tools like ChatGPT for business operations, educational purposes, and content generation. A legitimate breach could expose private conversations, commercial projects, and other sensitive data.
Until there is a final report, some preventive measures are always advisable:
Go to the “Configurations” tab, log out from all connected devices, and enable two-factor authentication or 2FA. This makes it virtually impossible for a hacker to gain access to the account, even if the login and passwords are compromised.
If your bank supports it, then create a virtual card number to manage OpenAI subscriptions. This way, it is easier to spot and prevent fraud.
Always keep an eye on the conversations stored in the chatbot’s memory, and be aware of any phishing attempts. OpenAI does not ask for any personal information, and any payment update is always handled through the official OpenAI.com link.
Edited by Andrew Hayward