
Hacker found selling 20 million OpenAI credentials; AI firm claims no breach


Photo: Koshiro K/Shutterstock.com

A threat actor named “Emirking” was discovered on the popular cybercrime forum BreachForums, claiming they have access to over 20 million account access codes from OpenAI. OpenAI, however, claims that there’s no evidence of a breach, with researchers suggesting the data might have come from infostealers.

The post was discovered by threat intelligence firm Kela on February 6. The threat actor asked interested readers to reach out to them, possibly wanting to sell these accounts to the highest bidder. Additionally, while the post is written in Russian, the wording suggests that it might be an automatic translation into the language rather than being written natively.

The threat actor also provided a sample database of 30 credentials, which Kela cross-referenced against its own database of accounts compromised by various infostealer malware. All credentials in the sample database provided by Emirking were found to originate from these compromised accounts, suggesting that the entire database of 20 million credentials could be the result of a massive infostealer malware campaign.

Post on BreachForums claiming access to 20 million OpenAI credentials. | Source: Kela

Further investigation into the sample database found its credentials to be identical to credentials from multiple other sources that also share and sell data stolen via infostealer malware. Kela claims that the compromised credentials come from 14 distinct sources, including private data leaks (originating from paid sources) and public data leaks on shared forums and dark web marketplaces. The most prevalent source in the dataset was linked to over 118 million compromised credentials in the firm’s data lake.

The infostealer malware families linked to these data sets include Redline, RisePro, StealC, Lumma, and Vidar, with eight, five, four, five, and four occurrences, respectively. The majority of infections happened between January and April 2024, and 23 out of 28 compromised emails were used for registrations on other services.

While this might put OpenAI in the clear, Kela’s report highlights a far bigger problem: the rampant rise of infostealer malware. With attackers continuously refining their methods for both capturing and monetising stolen information, more care than ever is required to detect and mitigate malware.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
