Hacker Claims Selling Credentials Of 20 Million ChatGPT Accounts, OpenAI Denies Hacking

OepnaI, denied that there had been a hack on its site (photo; x @openai)

JAKARTA The cyber world is again shocked by the claim of a hacker who claims to have 20 million OpenAI account credentials and sold them in hacking forums. Although OpenAI has investigated this incident and stated there is no evidence of leakage of their system, reports from various cybersecurity firms suggest that the data is most likely obtained through infostealer malware.

Based on a report from Malwarebytes, a hacker with the pseudonym "emirking" is reported to have registered a large dataset for sale on the BreachForum, a well-known cyber crime forum. In his post, emirking claims to have "20 million access codes to OpenAI accounts."

Although this claim has not been independently verified, the report states that it is likely that hackers will gain access by exploiting auth0.openai.com subdomains or obtaining OpenAI administrator credentials.

This news quickly spread, sparking concern among OpenAI users around the world. OpenAI immediately carried out an internal investigation and issued an official statement:

We take this claim seriously. Until now, we have found no evidence that this incident is related to the leak of the OpenAI system.

KELA Analysis: Bocor Data From Infostealer Malware, Not OpenAI Hacking

Meanwhile, cybersecurity firm KELA also analyzed datasets claimed to be sold by hackers. After conducting an in-depth examination, they found that the data traded came from an infostealer malware attack, not from an OpenAI system leak.

KELA matches existing credentials with a database of billions of accounts collected from various infostealer malware. As a result, all accounts registered with the BreachForum come from users who were previously infected with malware.

In other words, hackers are most likely not to hack the OpenAI system directly, but rather collect credentials from malware-infected user devices.

What Should Users Do? Even though OpenAI denies the leakage of the system, users are still advised to: "Enable two-factor authentication (2FA) for additional security. Change the OpenAI account password periodically, especially if using the same password in other services. Check the device from malware infection, because the stolen credentials can come from infostealers that infiltrate the user's system. Avoid downloading software from unofficial sources to prevent malware infection.

This incident serves as a reminder that although big companies like OpenAI have a strong security system, cyberattacks on individual users remain a major threat. Make sure to always keep your account and device safe!