Recently, the field of cybersecurity has attracted attention again. A Russian hacker claims to have login information of 20 million OpenAI ChatGPT accounts and is publicly sold on a hacker forum. This incident highlights the severity of the cyber threat and reminds users to strengthen account security protection.
Recently, a Russian hacker who called himself "emirking" posted a login information claiming to be 20 million OpenAI ChatGPT accounts on the famous hacking market BreachForums and sold it for price. The news was jointly released by AI startup OpenAI and cybersecurity company Malwarebytes Labs on Friday, showing the severity of the cybersecurity threat.
Image source notes: The image is generated by AI, and the image authorized service provider Midjourney
According to Malwarebytes' blog, the post posted by emirking on the forum was written in Russian, and after translation, it showed the hacker's arrogant attitude. He claimed: "I have access codes for more than 20 million OpenAI accounts. If you want, you can contact me - this is a wealth." It is worth noting that emirking registered on the forum for 1 in 2025. Month, there are only two posts, which sparked suspicion among experts who believe he might be using a new account to evade law enforcement agencies.
Malwarebytes mentioned in the report that they are verifying the authenticity of this information. The report noted that the post suggested that the hacker found access codes that could bypass the platform's authentication system. Experts believe that such a large-scale login information leak is unlikely to be obtained through phishing attacks on users. They speculated that the hacker might have exploited the vulnerability or obtained administrator credentials, thus breaking through OpenAI's authentication system.
The report also warns users that if the leak is true this time, any cybercriminal holding this stolen data may access the user's ChatGPT query and conversation records. In addition, these sensitive information may also be used to target users for social engineering attacks such as phishing and financial fraud.
To protect your own safety, Malwarebytes recommends OpenAI account holders to take the following measures immediately:
1. Change the account password.
2. Enable Multi-factor Authentication (MFA).
3. Monitor account activity and be aware of any abnormal or unauthorized use.
4. Be wary of phishing attacks that may be conducted using information obtained in communication with ChatGPT.
Finally, Malwarebytes Labs adds that although users claim that the leaked credentials do not directly provide access to their ChatGPT conversations, they still need to be wary of potential malicious behavior.
Key points:
Hackers sell login information for 20 million OpenAI accounts on BreachForums, users need to be wary of security risks.
Experts suspect that the login information leak was caused by hackers breaking through the authentication system, not a simple phishing attack.
OpenAI account holders need to change their password immediately, enable multi-factor authentication, and monitor account activity.
This incident once again reminds us that network security cannot be ignored, and users must always be vigilant and take effective measures to protect personal information.