An anonymous threat actor has allegedly claimed responsibility for a massive data breach affecting OpenAI, offering for sale a database containing the login credentials of 20 million users on the dark web.
The unverified claim that surfaced on an underground hacking forum has raised concerns about data security for millions of users relying on OpenAI’s services.
The threat actor alleges they have access to a trove of login credentials, including emails and hashed passwords, purportedly sourced from OpenAI’s user accounts.
To promote their discovery, they shared a post with a sample of the data and more being offered for a few dollars.
”When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure, and Jesus thinks so too,” reads the post by the threat actor on the hacker forum, which was shared by HackManac.
OpenAI and independent cybersecurity firms have neither officially confirmed nor denied the threat actor’s claims.
If proven true, this breach would be one of the largest data leaks related to OpenAI and could also lead to phishing attacks, unauthorized access, and identity theft.
While the authenticity of the breach remains unconfirmed, OpenAI users should remain vigilant and prioritize digital security measures.
They are advised to take precautionary measures such as updating OpenAI passwords and avoiding using the same password across multiple sites, enabling two-factor authentication (2FA), and monitoring accounts linked to OpenAI for unusual login attempts or password reset requests.
Whether this is a legitimate breach or an elaborate hoax, the incident serves as a stark reminder of the persistent threats in the digital realm.
This is a developing story; updates will follow as new information emerges.
