AI/ML, Identity, Data Security, Application security

OpenAI claimed to have over 20M credentials stolen

February 10, 2025

(Adobe Stock)

Cybernews reports that OpenAI had more than 20 million purportedly stolen account access codes that could be leveraged to circumvent authentication systems advertised for sale by the Russian threat actor dubbed "emirking" on BreachForums.

Further investigation into emirking's claims is still underway but such an extensive OpenAI account credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials to infiltrate the auth0.openai.com subdomain, according to Malwarebytes researchers, who noted that confirmation of the leak's legitimacy would suggest emirking's access to ChatGPT conversations and queries. With the alleged credential exfiltration posing an increased risk for social engineering attacks and API exploitation for premium subscription lures, OpenAI users have been urged to not only replace their passwords and activate multi-factor authentication but also be vigilant of suspicious account activity and attempted phishing using information they have provided to ChatGPT.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Learn More

SC Staff

person typing on a touch screen schedule plan calendar.

AI/ML

AI agents: The next step in the artificial intelligence revolution?

Stephen WeigandFebruary 11, 2025

They’re task-oriented and designed to carry them out without human input. The AI agents are coming.

Engineer using DeepSeek R1 model chat to solve a reasoning problem

AI/ML

DeepSeek prohibited in New York government devices

SC StaffFebruary 11, 2025

Increasing concerns regarding the potential utilization of Chinese artificial intelligence platform DeepSeek for foreign government surveillance have prompted New York Gov. Kathy Hochul to ban the AI chatbot's usage across all state-issued devices just days after Texas Gov. Greg Abbott issued a similar prohibition for DeepSeek and Chinese-owned social media apps.

Computer screen showing red ransomware warning message in home o

Attack surface management

Seed funding secures $3.2M for ThreatMate

SC StaffFebruary 10, 2025

Aside from integrating analytics and continuous monitoring to improve MSP management of customers' accounts, ThreatMate's solution has been touted to enable automated penetration testing, cybersecurity audits, risk scoring, asset discovery, and dark web tracking to facilitate less complex and costly security, compared with typical enterprise security platforms.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news