A Russian threat actor has posted for sale the alleged login account credentials for 20 million OpenAI ChatGPT accounts on the infamous hacker marketplace BreachForums.
The AI startup and Malwarebytes Labs revealed the theft in a blog post on Friday, just one day after a Breached user calling themselves “emirking” posted samples of the so-called stolen credentials Thursday morning.
Emirking’s post, written in all Russian, was translated into English by the Malwarebytes team.
“When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure,” the BreachFoums poster stated.
Emirking appears to be brand new to the dark hacker forum, with a join date of January 2025 and showing only one other post.
Still, the researchers say "emirking" could also be a veteran poster using a new profile to stay anonymous, possibly even attempting to avoid law enforcement, who are known to lurk on the site and other forums in hopes of nabbing cybercriminals.
Malwarebytes, which said it was still verifying the claim at the time of this report, explains that the post itself “suggests that the cybercriminal found access codes which could be used to bypass the platform’s authentication systems.”
On how the credentials could have been compomised, the threat researchers pointed out that it was unlikely such a vast number of login credentials “could be harvested in phishing operations against users.”
Instead, researchers believe the bad actor may have figured out a way to “compromise the auth0.openai.com subdomain” via vulnerability exploitation or by getting their hands on administrator credentials.
A cybercriminal calling themselves undefinedemirkingundefined is offering 20 million OpenAI accounts for sale on a Dark Web forum. https://t.co/F2MyV8nLAu
undefined Malwarebytes (@Malwarebytes) February 7, 2025
Either way, the Malwarebytes blog warns users that if the leak is legitimate, any cybercriminal in possession of the stolen data could have access to a user's ChatGPT queries and conversations.
Furthermore, that sensitive personal information could then be used to target a user with social engineering attacks, such as spear phishing and financial fraud, it advised.
To stay protected, Malwarebytes said OpenAI account holders should immediately:
- Change their password.
- Enable multi-factor authentication (MFA).
- Monitor their account for any unusual activity or unauthorized usage.
- Beware of phishing attempts using information exchanged with ChatGPT.
The researchers also mentioned that the alleged login information could be used for other malicious acts, including "abusing the OpenAI API to make victims pay for the chatbot’s Plus or Pro features."
Malwarebytes Labs additionally noted that other Breached users have claimed the leaked credentials do not provide direct access to any of the account holders' ChatGPT conversations.
Your email address will not be published. Required fields are markedmarked