Concerned about a ChatGPT data breach? Here’s what you need to know

February 11th 2025

If you’ve seen recent headlines about a possible breach of ChatGPT accounts, you might be wondering whether your data is at risk. A hacker recently claimed on a dark web forum that they have stolen 20 million OpenAI user logins and are offering them for sale. But before you panic, let’s take a closer look at what’s really happening—and what you should do to stay safe.

Is there proof of a ChatGPT breach?

OpenAI is the company that created ChatGPT. Right now, OpenAI has found no evidence of a security breach. That means there’s no confirmed proof that the hacker’s claims are true. However, even if OpenAI itself hasn’t been hacked, cybercriminals often obtain login details from other sources, such as previous breaches on other platforms or through phishing attacks.

According to threat intelligence firm Kela, an analysis of the sample data provided by the hacker suggests that the stolen OpenAI credentials were likely obtained using infostealer malware. This type of malware infects devices and secretly harvests login details, which are then sold on the dark web. This means that if your credentials were compromised, it’s possible that your device has been infected by malware at some point.

So, what does this mean for you? While OpenAI says they have not been compromised, it’s still a good idea to take some precautionary steps to ensure your account is secure.

What should you do if you’re worried?

If you want to be proactive and protect your account, here are some simple but effective steps to take:

1. Check OpenAI’s official help page

The first thing you should do is visit OpenAI’s Help Centre. If there’s an official breach or security issue, OpenAI will provide updates there. If your account has been affected, OpenAI should also contact you directly via email.

2. Change your passwords

Even if OpenAI hasn’t been hacked, it’s still a good habit to update your passwords regularly. If you use the same password for multiple websites, this is even more important. Cybercriminals will try stolen passwords across different platforms, so if your ChatGPT password is also used for other accounts, those could be at risk too.

When changing your password, make sure:

  • It’s unique (not used for other accounts).
  • It’s strong (a mix of letters, numbers, and symbols).
  • You use a password manager to store and generate secure passwords.

3. Scan your device for malware

Since the hacker’s data may have been collected using infostealer malware, it’s a good idea to run a full antivirus scan on your devices. Use reputable security software to check for any infections and remove any suspicious programs.

4. Log out of your accounts on all devices

Once you’ve changed your password, log out of your ChatGPT account on all apps and devices. This ends any sessions that are still signed in, so anyone who got in with your old password is locked out.

To do this:

  • Go to Settings in your OpenAI account.
  • Look for Account or Privacy options.
  • Choose Log out of all devices if available.

This step is crucial because it forces a fresh login using your new password, ensuring that only you have access.

5. Set up multi-factor authentication (MFA)

If you haven’t already, enable multi-factor authentication (MFA) for extra security. This means that even if someone gets hold of your password, they still won’t be able to access your account without an additional verification step, like a code sent to your phone or email.

MFA is particularly important for protecting accounts that hold personal or financial data, such as email accounts, online banking and social media accounts.

It only takes a few minutes to set up, but it makes a huge difference in keeping your accounts safe from hackers. Find guidance on setting up MFA with OpenAI.

6. Stay alert for phishing scams

Whenever there’s news of a possible data breach, cybercriminals often take advantage of the situation by sending phishing emails. These are fake emails that try to trick you into giving away your login details.

What to watch out for:

  • Emails claiming to be from OpenAI, asking you to reset your password through a suspicious link.
  • Messages urging you to act quickly or risk losing your account.
  • Emails with poor spelling and grammar, which are often a sign of a scam.

If you receive an email about a security issue, don’t click any links immediately. Instead, go directly to OpenAI’s official website and check for any announcements.
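To make "suspicious link" concrete, here is an added example (not part of the original article and not OpenAI's own code) that checks whether a link in an email really points at OpenAI before you trust it. The list of trusted domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you expect genuine OpenAI emails to link to.
TRUSTED_DOMAINS = {"openai.com", "chatgpt.com"}

def link_verdict(url: str) -> str:
    """Return 'trusted', or the reason the link should not be clicked."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not https"
    # "https://openai.com@other.example/" really goes to other.example.
    if "@" in parts.netloc:
        return "userinfo before host"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "no host"
    # Lookalike letters (for example a Cyrillic "о") or their encoded form.
    if not host.isascii():
        return "non-ASCII host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode host"
    # The trusted name must be the END of the host, on a dot boundary.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "untrusted host"

# Constructed sample links, as they might appear in a password reset email.
SAMPLE_LINKS = [
    "https://help.openai.com/en/",
    "http://openai.com/reset",
    "https://openai.com.account-reset.example/login",
    "https://openai.com@login.example/reset",
    "https://openai-com.example/reset",
    "https://xn--penai-abc.example/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link_verdict(link):22} {link}")
```

Only the first sample link passes. The others contain "openai" somewhere in the address but lead to a different site, which is why going to the official website yourself is safer than clicking.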

Final thoughts: Should you be worried?

At this stage, OpenAI has not confirmed any breach, so there’s no need to panic. However, staying proactive about security is always a good idea. By updating your passwords, scanning your devices for malware, enabling MFA, and being cautious of phishing scams, you can significantly reduce your risk of being affected by cyber threats.

If OpenAI does find any evidence of compromised accounts, they should email affected users directly. In the meantime, following the steps above will help keep your ChatGPT account—and all your other online accounts—safe from hackers.

 

Photo by Levart_Photographer on Unsplash
