Recently, a Russian hacker claiming to be "emirking" posted on the well-known hacking forum BreachForums, alleging to have login information for 20 million OpenAI ChatGPT accounts and putting them up for sale. This news was jointly released by AI startup OpenAI and cybersecurity firm Malwarebytes Labs on Friday, highlighting the seriousness of cybersecurity threats.
Image Source Note: Image generated by AI, licensed by Midjourney
According to a blog by Malwarebytes, the post made by emirking on the forum was written in Russian, and after translation, it revealed the hacker's arrogant attitude. He claimed, "I have access codes for over 20 million OpenAI accounts. If you want them, contact me — it's a fortune." Notably, emirking registered on the forum in January 2025 and has only two posts, raising suspicions among experts who believe he may be using a new account to evade law enforcement.
Malwarebytes mentioned in their report that they are verifying the authenticity of this information. The report indicated that the post suggests the hacker found access codes that could bypass the platform's authentication system. Experts believe that such a large-scale leak of login information is unlikely to have been obtained through phishing attacks on users. They speculate that the hacker may have exploited vulnerabilities or obtained administrative credentials to breach OpenAI's authentication system.
The report also warned users that if this leaked information is accurate, any cybercriminals in possession of this stolen data could potentially access users' ChatGPT queries and conversation histories. Furthermore, this sensitive information could be used for social engineering attacks against users, such as phishing and financial fraud.
To protect their security, Malwarebytes recommends that OpenAI account holders take the following actions immediately:
1. Change your account password.
2. Enable multi-factor authentication (MFA).
3. Monitor account activity and watch for any unusual or unauthorized use.
4. Be cautious of potential phishing attacks that may utilize information obtained from interactions with ChatGPT.
Finally, Malwarebytes Labs added that, although some users claim that the leaked credentials do not directly provide access to their ChatGPT conversations, vigilance against potential malicious activities is still necessary.
Key Points:
💼 A hacker is selling login information for 20 million OpenAI accounts on BreachForums, and users should be alert to security risks.
🔒 Experts suspect that the login information leak was due to the hacker breaching the authentication system, rather than simple phishing attacks.
⚠️ OpenAI account holders should immediately change their passwords, enable multi-factor authentication, and monitor account activity.
