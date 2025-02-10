AI/ML, Identity, Data Security, Application security
OpenAI claimed to have over 20M credentials stolen
Cybernews reports that OpenAI had more than 20 million purportedly stolen account access codes that could be leveraged to circumvent authentication systems advertised for sale by the Russian threat actor dubbed "emirking" on BreachForums. Further investigation into emirking's claims is still underway but such an extensive OpenAI account credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials to infiltrate the auth0.openai.com subdomain, according to Malwarebytes researchers, who noted that confirmation of the leak's legitimacy would suggest emirking's access to ChatGPT conversations and queries. With the alleged credential exfiltration posing an increased risk for social engineering attacks and API exploitation for premium subscription lures, OpenAI users have been urged to not only replace their passwords and activate multi-factor authentication but also be vigilant of suspicious account activity and attempted phishing using information they have provided to ChatGPT.
