Hi, my API was stolen early this week and thousands of requests were made in two days. I’ve since made steps to remove the api key, and secure the new one. Unfortunately my account was charged hundreds of dollars. I’ve reached out to support multiple times over the week and no one has gotten back to me. Does anyone know how I can get support on this?
You can contact your credit care company and they will handle it for you.
You will need to explain to them what happened and they will take it from there.
That is the easiest way @provmusic
Genuinely interested to understand how your API key was exposed?
Thank you for the reply. Is that the same as a charge back? Do you know if this would affect my open ai account? I don’t want my account to be shut down.
I am using the api for a mobile app. The app was connecting directly to the api, meaning the api key was stored locally on the app. If you intercept the request, you can steal the key. I have since routed the api call through my server which requires a valid JWT in order to authenticate the request. The api key is no longer stored locally on the app.
Ouch. That’s a hard lesson to learn. At least you spotted it and I hope you can recover some of the unauthorised spend.
Thank you for replying. I was worried that it may have been an exploit in the OpenAi platform or the API.
Did you configure your account for a soft limit and/or a hard limit on usage in the billing section?
I did yeah, but if the api is cut off my app stops working