This post is also available in:
עברית (Hebrew)
A massive breach involving OpenAI’s ChatGPT has emerged, with a Russian threat actor reportedly selling the login credentials for 20 million accounts on the notorious hacker marketplace, BreachForums. This revelation came from a blog post by Malwarebytes Labs, which shared details of the theft.
The hacker, known as “emirking” on BreachForums, posted samples of what they claim to be the stolen login information on Thursday, February 6th. The post, written in Russian and later translated by Malwarebytes, suggests the actor has access to millions of OpenAI accounts. “I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me—this is a treasure,” the post reads. Despite having joined the forum only in January 2025, emirking may be an experienced cybercriminal using a new profile to maintain anonymity, according to the researchers.
While the authenticity of the claim is still under investigation, Malwarebytes researchers noted that the credentials could potentially allow cybercriminals to bypass OpenAI’s authentication systems, offering unrestricted access to user accounts. Researchers also dismissed the idea that phishing attacks were responsible for collecting such a large number of credentials. Instead, they suspect that the hacker may have exploited a vulnerability in OpenAI’s authentication system, possibly targeting the “auth0.openai.com” subdomain or gaining access to administrator credentials.
If the breach is verified, the stolen credentials could expose sensitive ChatGPT data, such as user queries and conversations. This information could be exploited for social engineering attacks, including spear phishing and financial fraud. Furthermore, the stolen data might allow attackers to abuse OpenAI’s API, potentially racking up charges for ChatGPT’s premium “Plus” or “Pro” features.
To mitigate risks, Malwarebytes strongly advises OpenAI account holders to immediately change their passwords, enable multi-factor authentication (MFA), and monitor their accounts for suspicious activity. Users should also be vigilant about phishing attempts based on information exchanged with ChatGPT.
