InfoSecBulletin Cybersecurity for mankind
A threat actor has reportedly acquired login details, including passwords and email addresses, for 20 million OpenAI accounts. GBHackers report states that an underground forum user claimed to sell a sample of data and the full batch for a low price.
The authenticity of these claims is unverified, but the situation has raised serious concerns about data security in the AI industry.
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
”When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure, and Jesus thinks so too”, The post reads by the threat actor.
HackManac shared a post from a hacker forum detailing claims made by a threat actor.
Recent cyber threats aimed at AI platforms have risen, highlighted by a July 2023 incident where researchers found over 200,000 OpenAI credentials for sale on the dark web.
These incidents show that cybercriminals are increasingly using AI technologies for malicious activities.
As generative AI tools like ChatGPT become more common, they attract the attention of cybercriminals. Neither OpenAI nor cybersecurity firms have verified the threat actor’s claims.
Source: GBhacker, Cybersecuritynews, Hackmanac
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)
