- A hacker has reportedly listed 20 million Openai -Logins for sale
- However, the origin of these credentials is disputed
- Openai says its study has not found any evidence of a compromise
A hacker claims to sell login -credentials of 20 million Openai users accounts -but the company says its own investigation has found no proof of a hack.
A report from Malwarebytes Labs discovered a cyber criminal who goes by the name ‘Emirking’ had listed a data set for sale on a cybercrime forum claiming to contain, ’20 million passwords for Openai accounts’.
Openai replied and said, “We take these claims seriously. We have not seen any evidence that this is associated with a compromise with Openai systems to date. “Violations like these can have catastrophic consequences for both the company and the users, but there are a few red flags that point out that this incident is less than real, here is what we know.
An unlikely story?
In Malwarebytes Lab’s original report, there was some doubt about the origin of the information, with the report sketching
“It seems unlikely that such a large amount of credentials could be harvested in phishing operations against users, so if the claim is true, emirking may have found a way to compromise the authorizer accreditives.”
The report also pointed out that the cyber criminal who was allegedly responsible for the leak was a relatively new user of the forums – which would not mean much on its own, but Kela CyberSecurity also assessed the available data and concluded that the credentials were obtained through InfoTeals -Malware.
The analyzed sample of Kela showed the compromised logins related to Openai services and contained approval information for ‘AUTH0.OPENAI.COM’.
The security researchers then referred to these details with their own data lake of “compromised accounts obtained from infoTeals Malware, which contains more than a billion items, including over 4 million bots collected in 2024.”
“All credentials from the test shared by the actor” emirking “were found to come from these compromised accounts, which probably suggested the source of the full 20 million Openai accounts that the actor intends to sell,” the security company confirmed.
Ultimately, the study concluded, “The majority of compromised credentials on Openai services offered for sale at the offensing forum at emiring are not related to a breaking of Openai systems.”
Credentials were considered part of a larger data set “scraped from a mixture of private and public sources selling and sharing InfoTeals -logfiles” -not from a non -reported compromise.
Remains safe
No matter how the leaked credentials were acquired, anyone who has had their details leaked is in danger. The primary danger of this incident is social technical attacks and identity theft.
Because many users of AI -Chatbots (sometimes inadvertently) transfer personal information, anyone with access to their accounts can use the compromised E -mail address to construct personal and specific phishing attacks designed to steal even more information.
Just asking a chatbot about restaurant recommendations in your city, budgeting advice or work -specific questions or summaries can give attackers all the information they need to create a compelling way to reach out to pretend to be a colleague, trusted company, friend or family member.
Being vigilant is the most effective way to fight this. Do not give any information to an unknown person or unexpected contact that you have not completed first, and be sure not to click on any links you do not have 100% confidence.
Make sure you also create a strong and secure password and it is important that you do not recycle passwords from one place to another – this helps by quantine any account that has been broken.
It is a similar process when you reduce the risk of identity theft. Keep an eye on your accounts, statements and bills to make sure there is nothing you do not recognize and tell your bank immediately if there is anything suspicious.
We have also listed some software that can essentially perform the work for you, monitor your credit files, warn of suspicious activity and warn you if personal information is used (such as new bank accounts opened in your name). Some even offer identity recovery and insurance policies up to $ 1 million, so check out our choices to protect the best identity theft for families if you are concerned about your information.
