
Using the alias ‘emirking,’ a cybercriminal has reportedly stolen 20 million OpenAI user login credentials and listed them for sale on a dark web forum, even posting sample data as evidence.
‘Emirking’ claims in a Russian-language post that OpenAI’s bulk account verification process allowed access codes to be exposed. Experts suspect the breach may have exploited a flaw in OpenAI’s authentication system (auth0.openai.com) or involved stolen admin credentials.
A translation of the Russian statement by 'emirking':
❝When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me—this is a treasure.❞
‘Emirking’ may seem like a newcomer, having joined the forums in January 2025, but the account could be a rebrand of an existing one, created to maintain anonymity and avoid detection.
Hackers with access to the stolen OpenAI credentials could extract personal details from user queries, aiding phishing schemes and fraud. They could also misuse the OpenAI API, charging victims for premium features. However, other dark web members claimed the leaked credentials didn’t unlock ChatGPT conversations.
The incident comes at a difficult time for OpenAI, as it coincides with Microsoft’s probe into allegations that DeepSeek improperly leveraged the ChatGPT model to train its AI chatbot.
(The image used in this blog post has been taken from Malwarebytes.com)