Attacker claims OpenAI breach, offering 20m logins for sale

All GPT-based integrations could be affected

A threat actor posting on a dark web forum claims to have stolen 20 million user logins from ChatGPT-maker OpenAI, and is offering them for sale.

The apparent attacker posted in Russian. According to GB Hackers, which first reported the breach, their translated post reads: “I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure, and Jesus thinks so too.

“When I realized that openai might have to check accounts in bulk, I realized that my password would not be hidden.”

Given the popularity of OpenAI’s tools among consumers and professionals – and with many people uploading their own IP and confidential information to those tools – the claim has worried users.

It’s not just ChatGPT that is affected, but other GPT-based integrations businesses might be using internally.

The claim is so far unverified, however, and OpenAI has not commented.

If the attacker’s claims are true, the breach would be one of the largest related to OpenAI to-date.

To be on the safe side, users should consider changing their passwords associated with OpenAI, monitor accounts for unusual activity and – of course – never reuse those passwords with other accounts.

Want to know more? Computing 's Cybersecurity Festival returns to London in May, where senior IT decision makers can learn about modern challenges, compare strategies with peers, and source solutions. Click here to register for free.