Mr Viral
Image: QubixStudio / Shutterstock.com
Have you ever tried ChatGPT? You may want to take a quick moment to freshen up your account’s security. A Russian hacker is claiming to have login data for over 20 million OpenAI users—and the information includes email addresses and passwords. On Friday, samples of OpenAI logins emerged on the dark web, along with an offer to sell the full trove of data.
Currently, OpenAI says it has not yet found evidence of compromised systems (as per The Independent). However, don’t take that as a sign that everything’s fine. Given the potential sensitive information that could be exposed if this is true, responding proactively now is a safe move.
(Not sure what could put you at risk if you wait to see what happens? For starters, OpenAI’s ChatGPT chatbot undoubtedly contains sensitive data in saved user queries, including financial and medical information. Such information could be used in targeted phishing campaigns—which, due to the use of AI services like those provided by OpenAI, have become dramatically more sophisticated in a very short period. Most users aren’t yet expecting the new level of personalization in scam attempts.)
Until OpenAI’s investigation is complete, you can take several proactive steps:
Enable multi-factor authentication (aka two-factor authentication) on your account. It adds a second checkpoint to clear when logging in, which protects you if your password is compromised.
Change your password.
Force the service to log out of all other devices
If you reuse passwords or use very similar passwords across sites, also change your password on any other services where there’s overlap.
To enable 2FA and log out of all devices, you must log into your account, then go to Settings. To reset your password, you must use the “Reset password” link on the login page.
Unfortunately, big data breaches affecting major services aren’t unusual—which is why you should treat this claim with some seriousness. And, in general, bolster your security practices for 2025. You don’t need to keep track of all your unique login details, either. Passkeys and a password manager will help you stay on top of it all, with little extra effort needed on your part.
Author: Alaina Yee, Senior Editor, PCWorld
A 14-year veteran of technology and video games journalism, Alaina Yee covers a variety of topics for PCWorld. Since joining the team in 2016, she’s written about CPUs, Windows, PC building, Chrome, Raspberry Pi, and much more—while also serving as PCWorld’s resident bargain hunter (#slickdeals). Currently her focus is on security, helping people understand how best to protect themselves online. Her work has previously appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine.
GIPHY App Key not set. Please check settings