 "Hacker claims he stole over 20 million credentials from OpenAI, AI company says no evidence of breach")
A hacker has surfaced online, claiming to be selling login credentials of 20 million OpenAI user accounts. However, OpenAI insists there is no evidence of a security breach on its systems.
Cybersecurity experts at Malwarebytes Labs uncovered a post on a cybercrime forum by a user known as ‘emirking,’ who alleged they had access to a massive dataset containing millions of OpenAI account details, as per a report by Tech Radar.
Despite these claims, OpenAI reassured users that its internal investigation found nothing to suggest its systems had been compromised. While such leaks can have serious consequences, there are several reasons to question the authenticity of this alleged hack.
A suspicious leak
The sheer scale of the supposed leak has raised eyebrows. Malwarebytes Labs noted that collecting 20 million login credentials through phishing alone would be highly unlikely. If the hacker’s claim were true, they may have exploited a vulnerability in OpenAI’s authentication system or obtained administrator credentials. However, there’s little evidence to back this up.
Security firm KELA conducted its own analysis and found that the leaked credentials were linked to OpenAI services but had actually been acquired through info stealer malware rather than a direct system breach.
By cross-referencing the data with its vast repository of compromised accounts, KELA determined that these credentials were part of a broader dataset collected from various sources that sell stolen login information. The conclusion? The credentials up for sale likely originated from users who had unknowingly had their details stolen by malware rather than from a security failure on OpenAI’s end.
What’s the real risk
Regardless of how these credentials were obtained, affected users could be at risk. The main concern here isn’t just unauthorised access to OpenAI accounts—it’s what can be done with that information. AI chatbot users often enter personal details, whether it’s financial advice, work-related queries, or even simple location-based recommendations.
If a hacker gains access to an account, they can use that information to craft convincing phishing scams, impersonating trusted contacts or companies to extract even more sensitive data.
For instance, if someone frequently asks a chatbot for budgeting tips, an attacker might send them a fake email pretending to be from their bank. Similarly, if a user discusses business topics, the hacker could pose as a colleague or employer. These social engineering tactics are highly effective, making vigilance crucial.
Staying safe online
Even if this leak isn’t tied to an OpenAI security failure, it’s a reminder to take online safety seriously. If you suspect your details might be compromised, it’s wise to update your password immediately. Cybersecurity experts recommend using unique, complex passwords for each service and enabling two-factor authentication (2FA) whenever possible.
It’s also essential to remain cautious about emails, messages, or links that seem even slightly suspicious. If something feels off, verify the sender before clicking on anything or sharing personal information. Regularly monitoring bank statements and online accounts can also help detect unusual activity early.
For those concerned about identity theft, there are security services that track your personal information and alert you to any suspicious activity, including new accounts being opened in your name. Some even offer recovery services and insurance coverage. While this particular data leak may not have been a direct OpenAI breach, it serves as another reminder that cybersecurity threats are constantly evolving, and staying informed is the best defence.
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
