OpenAI denies breach claims as stolen credentials surface online

February 17, 2025

A hacker recently claimed to have obtained credentials for 20 million OpenAI accounts and attempted to sell them on a cybercrime forum. However, investigations suggest that the data was stolen through information-stealing malware rather than a security breach at OpenAI.

The hacker, known by the alias ‘emirking,’ made the claim on BreachForums, a well-known platform where cybercriminals trade stolen data. The post advertised the sale of OpenAI credentials, raising concerns about a possible data breach affecting the artificial intelligence firm.

OpenAI responded to these claims, stating that there was no evidence to suggest its systems had been compromised.

A company spokesperson said that the matter was being taken seriously and that investigations had found no link between the alleged leaked data and an internal security breach.

Threat intelligence experts analysed a sample of the credentials provided by the hacker. The findings confirmed that the data likely originated from infostealer malware rather than OpenAI’s systems. The threat intelligence company cross-referenced the credentials with its extensive database of over one billion compromised records and found a match with previously stolen data.

The analysis also showed that the credentials appeared to have been harvested from multiple sources, both private and public, that distribute infostealer logs. The stolen data was linked to well-known malware strains such as Redline, RisePro, StealC, Lumma, and Vidar. Cybercriminals typically use these types of malware to steal login credentials from infected devices.

Further supporting this conclusion, experts noted that the hacker’s first post on BreachForums was related to infostealer logs, reinforcing the likelihood that the OpenAI credentials were obtained through similar means. Additionally, the original post advertising the data was later deleted from the forum.

BreachForums has become a frequent marketplace for hackers claiming to have obtained valuable data from major companies. However, many of these claims turn out to be exaggerated or entirely false. In this case, while a large volume of OpenAI-related credentials was indeed being sold, the evidence suggests they were collected through widespread malware infections rather than a direct attack on OpenAI’s systems.

Users are advised to remain vigilant against information-stealing malware, which can compromise sensitive accounts. Security experts recommend using strong, unique passwords and enabling multi-factor authentication to protect against such threats.
