CyberSecurity news
@cyberinsider.com
//
Reports have surfaced regarding a potential data breach at OpenAI, with claims suggesting that 20 million user accounts may have been compromised. The cybercriminal known as "emirking" claimed to have stolen the login credentials and put them up for sale on a dark web forum, even sharing samples of the supposed stolen data. Early investigations indicate that the compromised credentials did not originate from a direct breach of OpenAI's systems.
Instead, cybersecurity researchers believe the credentials were harvested through infostealer malware, which collects login information from various sources on infected devices. Security experts suggest that the extensive credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials. OpenAI is currently investigating the incident. Users are urged to change their passwords and enable multi-factor authentication.
ImgSrc: mnwa9ap4czgf-u1
References :
- socradar.io: Massive OpenAI Leak, WordPress Admin Exploit, Inkafarma Data Breach
- www.heise.de: Cyberattack? OpenAI investigates potential leak of 20 million users' data
- www.the420.in: The 420 reports on cybercriminal emirking claiming to have stolen 20 million OpenAI user credentials.
- Cybernews: A Russian threat actor has posted for sale the alleged login account credentials for 20 million OpenAI ChatGPT accounts.
- www.scworld.com: Such an extensive OpenAI account credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials to infiltrate the auth0.openai.com subdomain, according to Malwarebytes researchers, who noted that confirmation of the leak's legitimacy would suggest emirking's access to ChatGPT conversations and queries.
- BleepingComputer: BleepingComputer article on the potential OpenAI data breach.
- The420.in: The420.in article on the alleged theft of OpenAI user credentials.
- cyberinsider.com: CyberInsider details how an alleged OpenAI data breach is actually an infostealer logs collection.
Classification:
- HashTags: #OpenAI #DataBreach #Infostealers
- Company: OpenAI
- Target: OpenAI users
- Product: OpenAI accounts
- Feature: Account compromise
- Malware: Infostealers
- Type: DataBreach
- Severity: Medium