In early February 2025, a threat actor using the alias “emirking” listed credentials for approximately 20 million OpenAI accounts on BreachForums. KELA’s threat intelligence team, conducting the most thorough public analysis of the dataset, determined the credentials did not come from a breach of OpenAI’s own infrastructure — they were harvested by infostealer malware from compromised end-user devices over an extended period.
How Infostealer Malware Assembled the Dataset
KELA’s analysis identified five infostealer families responsible for the bulk of the credential theft: Redline, RisePro, StealC, Lumma, and Vidar. These stealers extract saved passwords directly from browser credential stores, autofill databases, and session cookies — bypassing the need to attack any web service directly. The OpenAI credentials were embedded in a larger corpus of over one billion records spanning dozens of services, consistent with a long-running infostealer campaign rather than a targeted breach. Malwarebytes researchers had initially flagged the auth0.openai.com subdomain as a possible attack vector, but subsequent evidence pointed to client-side compromise rather than server-side exploitation.
OpenAI’s Confirmed Position
OpenAI launched an internal investigation and confirmed no direct compromise of its servers or infrastructure. The accounts affected were those where end-users had been infected by infostealer malware on personal or work machines. Exposed data includes ChatGPT session tokens, API keys, and associated account details — all extractable without any vulnerability in OpenAI’s platform itself. Risk to affected users includes unauthorized API usage, access to stored conversation history, and potential pivot to other services where the same credentials are reused. See OpenAI’s security disclosures for the company’s official stance.
Who Is Most Exposed by This Campaign
Developers and enterprises using the OpenAI API face the highest operational risk: a stolen API key enables unbounded usage billed to the legitimate account holder and exposes any prompts or fine-tuning data associated with the key. Individual ChatGPT users risk exposure of conversation history, which may contain sensitive personal or professional information. Organizations that issued OpenAI API keys to employees without centralized key management have no straightforward way to identify which keys are compromised unless they audit usage logs. The CISA Known Exploited Vulnerabilities catalog documents the infostealer families used in this campaign.
Steps to Secure Affected OpenAI Accounts
- Rotate all OpenAI API keys immediately via the API keys dashboard and revoke any keys not actively in use.
- Enable multi-factor authentication (MFA) on your OpenAI account under Security settings — this blocks session-based takeovers even when credentials are known.
- Run a full endpoint scan with an updated EDR or antivirus solution to detect and remove any infostealer payloads still resident on the machine.
- Audit OpenAI API usage logs for any requests made from unfamiliar IP addresses or at unusual times, and dispute any unauthorized charges with OpenAI support.
- Enforce unique, randomly generated passwords across all services using a password manager, eliminating credential-reuse risk from the broader billion-record dataset.
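The usage-log audit from the steps above, written out as an added example (not code from the original article or from OpenAI): it flags keys whose requests come from outside an assumed egress allowlist, land outside an assumed business-hours window, or carry an unusual token volume. The log line format, the allowlisted ranges, the hours window and the sample records are all constructed assumptions; a real usage export needs its own field mapping.

```python
"""Audit constructed OpenAI-style API usage records for signs of a stolen key.

Added example, not OpenAI's own tooling: the record format, the allowlisted
ranges and the business-hours window are assumptions (hypothetical values)."""
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Assumed: egress ranges your workloads legitimately call the API from.
ALLOWED_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
BUSINESS_HOURS_UTC = range(7, 20)   # 07:00-19:59 UTC, assumed working window
TOKEN_SPIKE = 100_000               # per-request token count worth a look

# Constructed sample log: key id, ISO-8601 UTC timestamp, source IP, total tokens.
SAMPLE_LOG = """\
sk-proj-A1 2025-02-06T09:12:44Z 203.0.113.17 1820
sk-proj-A1 2025-02-06T10:01:09Z 203.0.113.17 2210
sk-proj-B7 2025-02-06T03:27:51Z 192.0.2.88 143900
sk-proj-B7 2025-02-06T03:29:02Z 192.0.2.88 151200
sk-proj-C3 2025-02-06T14:45:30Z 198.51.100.9 3100
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    key_id, ts, ip, tokens = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return key_id, when, ip_address(ip), int(tokens)


def audit(log_text):
    """Return {key_id: sorted reasons} for keys whose usage looks anomalous."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        key_id, when, ip, tokens = parse_line(line)
        reasons = set()
        if not any(ip in net for net in ALLOWED_NETS):
            reasons.add(f"unfamiliar source IP {ip}")
        if when.astimezone(timezone.utc).hour not in BUSINESS_HOURS_UTC:
            reasons.add(f"outside business hours ({when.strftime('%H:%M')} UTC)")
        if tokens >= TOKEN_SPIKE:
            reasons.add("token volume spike")
        if reasons:
            findings.setdefault(key_id, set()).update(reasons)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for key_id, reasons in audit(SAMPLE_LOG).items():
        print(f"{key_id}: rotate and investigate; " + "; ".join(reasons))
```

Only sk-proj-B7 is reported on the sample data; keys that trip any single check are candidates for rotation, and the per-key reasons tell you which usage to dispute.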
The campaign illustrates how infostealer malware has matured into a systematic credential-aggregation supply chain that operates independently of any single platform’s security posture. OpenAI accounts are a high-value target precisely because they combine API billing access with potentially sensitive conversation data, making routine key rotation and endpoint hygiene more critical than platform-level defenses alone.