Cybercriminal ‘Emirking’ Claims to Have Stolen 20 Million OpenAI User Credentials
A cybercriminal using the alias “emirking” has allegedly stolen and put up for sale 20 million OpenAI user login credentials, according to a post on a dark web forum. The hacker even shared what appeared to be samples of the stolen data.
Potential Exploit in OpenAI’s Authentication System
In a translated Russian post, emirking suggested that OpenAI’s bulk account verification process led to the exposure of access codes that could bypass authentication. While it’s unlikely that such a massive trove of credentials was harvested through phishing attacks alone, experts speculate that a vulnerability in OpenAI’s authentication system (auth0.openai.com) or stolen administrator credentials may have been exploited.
Although the account is new to the forum (joined January 2025), emirking may have previously operated under a different alias for security reasons.
Potential Risks for OpenAI Users
If the claims are true, the stolen credentials could have serious consequences, including:
- Unauthorized access to OpenAI accounts, potentially exposing private conversations and queries.
- Phishing and fraud attempts, using stolen data to craft targeted attacks.
- Abuse of OpenAI’s API, forcing victims to pay for unauthorized usage of premium features like ChatGPT Plus or Pro.
However, some dark web users have questioned the authenticity of the leaked credentials, claiming they do not provide access to ChatGPT conversations.
Another Blow for OpenAI Amid Recent Controversy
This incident comes at a challenging time for OpenAI, following Microsoft’s recent investigation into allegations that DeepSeek improperly used OpenAI’s ChatGPT model to train its AI chatbot.
How to Protect Your Account
If you are concerned that your OpenAI account may be affected, take these steps immediately:
- Change your OpenAI password to a strong, unique one.
- Enable Multi-Factor Authentication (MFA) for added security.
- Monitor your account for any unauthorized activity or unusual charges.
- Be cautious of phishing attempts that may use stolen information.
At the time of writing, BreachForums, the dark web marketplace where the credentials were listed, was offline, preventing independent verification of the claims. However, cybersecurity experts will continue monitoring the situation for further updates.