Account got hacked. Someone got access to my account

Last week, I added a billing plan and started using the ChatGPT API. Had a good experience. However, yesterday I started seeing some prompts in Simplified Chinese that I do not recognize. Looking at my email and credit card history, I found that I was charged $80 this week that I didn’t authorize. I didn’t turn on the auto charge feature. My billing plan and Usages are all gone. I contacted support and am currently waiting for replies. Did someone somehow get access to my account or my API key? I have since changed my password and turned on 2FA. I have not changed my API keys yet since there is no billing plan any more.
Any ideas?

I think your computer/account was compromised. It’s your account because conversations via API do not show in your Chat History (imo). I think it’s your account only.

Someone that has control of your OpenAI account can invite themselves and make themselves an owner of your organization. Then demote or remove you. And then the organization and all its settings are now in their account.

If that happened, API keys don’t matter because the new account owner can assign their own API keys to that organization to empty the charges they made while enjoying that you can’t manage anything about billing.

It is a preposterous system and nobody should have to pay a penny because OpenAI continues to allow this.

Interesting. How were they able to charge $80 with no billing history or usage?

Thanks for that interesting info. Currently it still shows me as the only member and owner of the organization. How were they able to charge $80 with no billing history and usage?
So what do you think I should do at this point?

Where are you seeing these Chinese prompts? ChatGPT, or perhaps in new assistants threads?

A good organized stealing strategy would be to make max charges and inference, then leave the hacked organization to try to remove the evidence.

Look into your account itself, under billing.

This is where monthly billings are shown. I’m not sure if the credit purchase would show up there, as I only have monthly bills.

Or usage history to see if you have the credit purchase and its use there.

You can also see if your ChatGPT has been altered to be Plus or Teams, as purchasing both ChatGPT Plus and Teams with monthly and with 2 members would be $20 + $60.

Do you have a different account balance in your API account than before?

If you have a good picture where the purchase was made, or if you were charged and received no services, either way, you can contact OpenAI about the intrusion and charge, and also ensure they reset all logged-in sessions.

In regular ChatGPT, I see two posts in Simplified Chinese that I didn’t prompt.

Looking at that billing history, it’s empty. It says "Showing invoices within the past 12 months, No invoices found".

Both Usage Cost and Activity show zero spent and zero API requests.

ChatGPT is still in Plus, which is correct.

I started using API only last week. I remember seeing some amounts in usage.

Thank you.

Did you name your organization? Is that name now gone?

Did you add a payment method? Is there now no payment method on file, with “add a payment method” showing?

It is possible that your account organization was taken over and moved to a new owner as described before. That might have left you with an empty one.

Older accounts created long ago had an extra organization named “personal” added to them automatically by OpenAI mid year last year, perhaps because if the main organization left to a new owner, the account was previously made useless.

It is OpenAI that can see where the charge came from.
It is you that can figure out where the intrusion came from and to see if that access is still maintained, such as installing hacker’s ChatGPT browser extensions and fake SORA.exe backdoors.

You are right. I was charged an additional $400 and $100 yesterday.
I immediately informed the bank and reported those as fraud. I reported to support as well.
I don’t remember naming the organization.
No payment on file now. Yes, add a payment showing.

The same happened to me today (organization charges that I no longer have access to). How did it end for you @rhap4boy?

I locked my credit card and reported the fraud to the credit card company and they reversed the charges and sent me a new card. I don’t think OpenAI support ever responded. But I do see a couple of days later more charges happened again but they automatically got reversed. Not sure if it was the bank or OpenAI that reversed them.