OpenAI, the leading artificial intelligence firm, has recently found itself at the center of a potential security breach. A hacker, using the pseudonym ’emirking,’ has claimed to have stolen the login credentials for 20 million user accounts of the AI company. The alleged breach was publicized on a dark web forum, where the hacker advertised the sale of “more than 20 million access codes to OpenAI accounts,” referring to it as a “goldmine.” According to reports by Gbhackers, the full dataset of stolen information was being offered for a nominal price.
The hacker’s audacious claim was couched in a cryptic message written in Russian, and reportedly included a sample of the stolen data, featuring email addresses and passwords. “I have over 20 million access codes for OpenAI accounts,” emirking wrote last Thursday. “If you’re interested, reach out—this is a goldmine, and Jesus agrees.”
If confirmed, this would mark the third significant security incident that the company has faced since the public release of its popular ChatGPT tool. Last year saw the company’s internal Slack messaging system compromised, leading to the theft of detailed information on the design of OpenAI’s AI technologies. Earlier, in 2023, an exploitation of a simple bug allowed hackers to access the private data of OpenAI’s paying customers.
However, the current alleged breach has raised doubts among security researchers. Daily Dot reporter, Mikael Thalan, stated that he discovered invalid email addresses in the sample data provided by the hacker, casting serious doubt on the legitimacy of the alleged breach. His investigations have found, “No evidence (suggests) this alleged OpenAI breach is legitimate.”
Despite the current uncertainties surrounding the alleged breach, OpenAI has responded promptly. In a statement to Decrypt, a spokesperson for the AI company confirmed that they are treating the claims with the seriousness they deserve, while also reassuring users that the company’s systems appear to be uncompromised, stating, “We have not seen any evidence that this is connected to a compromise of OpenAI systems to date.”
The potential scale of the alleged breach is a cause for concern, given OpenAI’s extensive user base. Millions of individuals and businesses worldwide rely on OpenAI’s tools, such as ChatGPT, for a variety of purposes, including business operations, education, and content generation. A confirmed breach could expose sensitive data including private conversations and commercial projects.
OpenAI encourages users to take preventative measures such as logging out from all connected devices, enabling two-factor authentication (2FA), and using a virtual card number for OpenAI subscriptions if supported by their bank. Users are also advised to monitor the conversations stored in the chatbot’s memory for any unusual activity and be alert to phishing attempts. Importantly, OpenAI does not request personal information from users, and any payment update is always conducted via the official OpenAI.com link.
