OpenAI investigating claims of data breach potentially exposing 20M users
Learn More
On February 7, 2025, reports emerged of a potential data breach at OpenAI after a threat actor claimed to have obtained login credentials for 20 million user accounts. A hacker using the pseudonym "emirking" posted a message in Russian on a dark web forum, offering to sell what they claimed was a massive dataset of OpenAI user credentials.
Exposed data allegedly includes:
- Email addresses
- Account passwords
- Access codes to OpenAI accounts
No details are disclosed about the nature of the attack.
The alleged dataset was being offered for sale for "just a few dollars," though security researchers have raised doubts about the legitimacy of the claim. Daily Dot reporter Mikael Thalan found invalid email addresses in the provided sample data, casting doubt on the authenticity of the breach.
OpenAI has acknowledged the situation and initiated an investigation. If verified, this would mark OpenAI's third major security incident since ChatGPT's public release.
Users should update passwords and login credentials, enable two-factor authentication (2FA) and log out from all connected devices and monitor ChatGPT conversation history for anu abuse. As usual, users should be vigilant for potential phishing attempts.
