Fraudulent credit card billing by OpenAI

I have an account at openai.com, opened in the middle of July 2024. I selected the 20 USD monthly plan and only did some exploring as I’m not yet ready for any serious projects.

On September 25, a series of credit card transactions suddenly appeared:

10:50 50 USD
10:50 150 USD
10:50 250 USD
10:51 499 USD
10:51 999 USD
10:53 999 USD
11:59 995,37 USD
12:11 993,43 USD
12:29 993,17 USD

Notice how it happens in minutes and how the amount escalates, testing how far it can go.

I recognize none of these transactions. I have not been using any OpenAI services at all lately.

When my notification SMS arrived at 12:29 I happened to have the phone in front of me so I noticed it and immediately called my bank to block the card.

Looking at my mailbox I could see that for the first 5 of the listed transactions I received a notification email telling me my account has been funded. For the other 4, nothing.

For transaction #5, the way openai.com email sender addressed me suddenly changed to “Hi F22” and the footer changed to:

“You received this email because you have a paid account with OpenAI
Organization: F22”

I have no idea what F22 is.

The openai dashboard for my account shows: no cost, no usage, no invoices.

OpenAI is not responding to my email and web inquiries.

I’m not from the USA, nor Qatar, nor Switzerland, so to me 6.000 USD is not just small change.

From this experience and looking at other similar threads I would say something is not really working well concerning OpenAI data security and user support.

I raised the issue also with my bank (of course) and with Stripe but at this time I’m not really confident about how it will all turn out.

1 Like
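The nine charges listed above show a pattern a card holder or issuer can detect mechanically: several charges within a couple of minutes, amounts stepping up, then repeated charges near a fixed ceiling. The following is an added example, not part of the original post, that runs simple velocity and escalation rules over a transaction list constructed from the amounts the poster reported (the 5-minute burst window, the 1-hour rolling limit and the 500 USD threshold are assumed values to tune).

```python
"""Velocity and escalation checks over card charges (added example; thresholds are assumptions)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    ts: datetime
    amount: float  # USD


# Constructed from the nine charges the poster listed (all on 2024-09-25).
SAMPLE_TXNS = [
    Txn(datetime(2024, 9, 25, 10, 50), 50.00),
    Txn(datetime(2024, 9, 25, 10, 50), 150.00),
    Txn(datetime(2024, 9, 25, 10, 50), 250.00),
    Txn(datetime(2024, 9, 25, 10, 51), 499.00),
    Txn(datetime(2024, 9, 25, 10, 51), 999.00),
    Txn(datetime(2024, 9, 25, 10, 53), 999.00),
    Txn(datetime(2024, 9, 25, 11, 59), 995.37),
    Txn(datetime(2024, 9, 25, 12, 11), 993.43),
    Txn(datetime(2024, 9, 25, 12, 29), 993.17),
]


def burst_windows(txns, window=timedelta(minutes=5), min_count=3):
    """Return (first_index, last_index) of runs of at least min_count charges inside `window`."""
    txns = sorted(txns, key=lambda t: t.ts)
    hits, i = [], 0
    while i < len(txns):
        j = i
        while j + 1 < len(txns) and txns[j + 1].ts - txns[i].ts <= window:
            j += 1
        if j - i + 1 >= min_count:
            hits.append((i, j))
            i = j + 1
        else:
            i += 1
    return hits


def longest_escalation(txns):
    """Length of the longest run of strictly increasing consecutive amounts."""
    txns = sorted(txns, key=lambda t: t.ts)
    best = run = 1 if txns else 0
    for prev, cur in zip(txns, txns[1:]):
        run = run + 1 if cur.amount > prev.amount else 1
        best = max(best, run)
    return best


def total_amount(txns):
    return sum(t.amount for t in txns)


def first_alert_time(txns, limit, window=timedelta(hours=1)):
    """Timestamp of the first charge at which the rolling-window total exceeds `limit`, or None."""
    txns = sorted(txns, key=lambda t: t.ts)
    for i, t in enumerate(txns):
        rolling = sum(u.amount for u in txns[: i + 1] if t.ts - u.ts <= window)
        if rolling > limit:
            return t.ts
    return None


if __name__ == "__main__":
    print("burst windows:", burst_windows(SAMPLE_TXNS))
    print("longest escalation:", longest_escalation(SAMPLE_TXNS))
    print("total USD:", round(total_amount(SAMPLE_TXNS), 2))
    print("rolling-hour limit of 500 USD first exceeded at:", first_alert_time(SAMPLE_TXNS, 500.0))
```

With the poster's figures the rolling-hour rule fires at 10:51, on the fourth charge, rather than at 12:29 when the SMS was finally read; a per-card spending cap or a hold on the first burst would have stopped most of the roughly 5,900 USD.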

Welcome to the dev community.

We can’t help you with your account, unfortunately. You’ll need to reach out to help.openai.com (chat in bottom right…) And give them the details.

I would sign-out of all ChatGPT or other instances, change password, etc.

Were you using any browser extensions perchance?

1 Like

No browser extensions.
Yes, I’ve already used the help chat but it seems I’m talking to myself in there :frowning:

Sorry for your loss…

  • Can you make a screenshot of Usage, to see what it was used for?
  • How was the key set? In your code, on your system, or on some platform?

I’m trying to understand how they operate and what target they have (I’ve seen people posting this a few times), because that money must have been used somehow and there must be some logs on your account.

1 Like

On the OpenAI platform site, looking at Dashboard, the Usage, Cost, and Invoices are all showing a big fat nothing (even though Invoices should at least be showing the monthly 20 USD subscription billing).

Looking from a distance this seems like OpenAI has somehow allowed credit card data tied to one account to be used to fund some other account. Especially bearing in mind the strange email notification that I mentioned originally.

1 Like

Can you let us know if you used your API key exclusively in your code, or if you also integrated it with libraries such as Hugging Face or Langchain, or set it in any software or platform?
Sharing more details with the community could help raise awareness and improve security practices.

Additionally, it’s important to be aware that exposed API keys can be misused by malicious actors to create embeddings, generate data for other models, perform adversarial training, or facilitate knowledge transfer…

2 Likes

My experience with OpenAI is just beginning. I did not use any code, only web interactive sessions with ChatGPT. I have no reason to believe that an API key could be exposed anywhere except with a breach of user data inside OpenAI itself.

1 Like

really interested in how this turns out

1 Like

After having raised the issue on the 25th with OpenAI as well as Stripe, I eventually received a human response from Stripe telling me that they are looking into it; and then a series of apparently automated emails with the sender name OpenAI but the sender domain stripe.com, letting me know that the credit card charges will be refunded (in 5-10 days).

While this looked good at first glance, the same series of emails also included an invitation to click and join “organization F22”, i.e. the mysterious entity I mentioned in the original post. This sounds possibly problematic to me (so I did not click) and also casts a strange light on this entire round of communication.

At the moment I also have a dispute opened with my bank and it looks very likely that I will be refunded by the bank in full which would resolve the issue for me.

It is funny how sometimes an issue is raised in various articles etc as to whether AI is a hoax in the sense of over-promising what can be done with it – but you only realize that it could be a hoax in a very old skool sense once you are on the receiving end.

1 Like

Can I ask if you made use of your API key with any websites?

Some sites offer character AI if you use your own API key, these sites can become compromised and your key data taken if they are not extremely careful, and some sites are just there to take your API keys.

I would also log into platform.openai.com and ensure any API keys that have been generated are revoked and your password changed.

4 Likes

No, there was no situation with an API key being exposed either on a public site or in its code.

I did change the password but I did not delete the API key yet because I thought it might be helpful for it to still be around in case someone needs to go over usage with a fine comb.

However usage (and cost and invoices) are showing nothing anyway, that’s just one of the weird aspects of the whole situation. At least there should be invoices for the monthly subscription.

1 Like

Hmm… are you confusing ChatGPT with the API?—the “subscription” is to do with ChatGPT, and thus would be found in the billing details on ChatGPT, not the API.

2 Likes

Interesting, have you used your API in any application privately? If so, are any of those projects stored on GitHub or any versioning system online?

That makes sense. As I mentioned I’m only just in my first steps with OpenAI / ChatGPT.

In any case in the billing / usage views on platform.openai.com there is simply nothing. So whatever could have been going on with the API key - which does not appear anywhere online to my knowledge, whether public or “not intentionally public but could have been hacked” - is also not logged as usage.

The entire experience makes very little sense and I’ll be happy to put it behind me when the bank finishes the restitution process. And then work for a while on things that I am more familiar and comfortable with.

1 Like

Understandable. You can also contact help.openai.com and make use of the support bot in the bottom right corner (box icon) to report the charges.

But as you report you don’t seem to have any API usage on platform.openai.com, it is indeed strange.

I wish you well, please keep us informed of your progress.

I did use the help chat but made no progress; I seem to just be talking to myself in there. There was no response either in the chat or via email (not counting the non-human emails that I already mentioned).

Understood, they are very busy over on the help support system, so it can take several days to a week to get a human response.

Keep us informed of your progress, good luck.

Note: the default view of the usage page is rather deceiving. It only reflects the project you are in.

At the upper-left of the interface is Organization → selected project, a hierarchy. Organization contains particular billing, and also contains members, who can be invited by anyone that has your password. Members can spend just the same as you with their own API keys and only show up in “members” aka “team”.

Every selected organization AND every selected project only shows usage for that project. It does not show usage for projects that are in other invited member accounts. You have to go under your own account profile, or under the usage, pick “see all from my org” etc, to get a view of total usage.

2 Likes

Yes, I understand. My Organization only contains myself as a member, and it’s not called “F22”. Organization-level usage view doesn’t show any usage either.

Documentation: OpenAI API Organization System and Security Considerations

Overview of the OpenAI API Organization System

OpenAI provides a flexible organization system within its API management that allows users to manage multiple accounts and organizations. This structure is intended to facilitate collaboration across teams and control access to API keys, billing, and other features.

Key Features:

  • Organization Naming: Organizations can be named anything the user desires, providing flexibility in labeling groups or teams.
  • User Roles: There are two primary levels of user access within an organization:
    • Owner: Full administrative control, including managing billing, user roles, and organization settings.
    • Reader: Limited access, often restricted to API usage without visibility into billing or administrative settings.

Discovering Total Billings

Billing management in OpenAI’s organization system is tied to the organization level, not to individual users. To view the total billings:

  1. Navigate to the Usage section of the organization you are associated with.
  2. Only users with Owner privileges can access detailed billing information, including total spend and credits. Only the selected Project will be initially shown.
  3. Under Organization Billing, proceed to “view billing to whole organization”.

Key Details:

  • Billing is associated with the organization, not the user account.
  • API keys, once generated for an organization, default to billing that organization for usage.
  • An invited reader or owner can direct their own billings to any organization.

Security Vulnerabilities and Risks

Credential Access and Exploitation

If credentials are not adequately protected, an attacker could potentially gain control over an organization, manipulate its resources, and exploit its billing structure. This section details how such an exploitation might occur:

  1. Gaining Access: If an unauthorized individual gains access to a user’s OpenAI account (through compromised credentials, for example), they could log in and exploit the system.

  2. Inviting Themselves to the Organization: The attacker could invite themselves to the organization and assign themselves the Owner role. With this role, they now have full administrative privileges over the organization.

  3. Restricting the Original User: The attacker can demote the legitimate user to a Reader role, effectively locking them out of administrative features, including billing information and access controls. Alternatively, the attacker could remove the legitimate user from the organization altogether, leaving them with only a personal account, no access to even the live payment method.

  4. Manipulating Billing and Usage:

    • The attacker can redirect the legitimate user’s API keys to point towards the compromised organization, ensuring that API usage continues to incur costs on the original user’s account.
    • They can spend funds or charge the user’s card by purchasing additional credits, as payment methods are tied to the organization.

  5. Maximizing Confusion: By renaming the organization back to the original personal account name and removing the original user from all roles, the attacker can obscure what has happened, making it difficult for the original user to detect unauthorized usage.

Exploitation Example:

  • Removing Billing Access: The attacker could demote the legitimate user to a Reader role, preventing them from seeing or managing billing, while still allowing API keys to incur charges.
  • Platform issues: Additional undisclosed flaws and vulnerabilities may allow payment details to be directly accessed by others.

Breach and Potential Consequences

Recent reports suggest that a potential breach has exposed some OpenAI users’ credentials. OpenAI has acknowledged instances where accounts may have been accessed by unauthorized parties, sending emails with notification to change passwords.

Potential Outcomes:

  • Unauthorized Billing: Users have reported unexpected large charges on their accounts, which may be linked to unauthorized access.
  • Account Breach Notification: Some users have received notifications suggesting their accounts may have been compromised, with recommendations to reset passwords and take other security precautions.
  • Outsourcing Concerns: The involvement of third-party services in account management or security could increase the risk of unreported vulnerabilities or undisclosed breaches.

User Recommendations:

  • Password Security: Users should immediately change passwords and review all API key usage and account activities.
  • Monitor Account Activity: Regularly review billing and API usage for unauthorized access.
  • Credit Monitoring: In cases of significant financial impact, users should consider monitoring their credit reports for any fraudulent activity and seeking further legal advice.

Conclusion

The OpenAI API organization system that has a long legacy offers a flexible way to manage teams and usage, but the potential for exploitation, especially regarding billing and access control, requires users to be vigilant. Protecting credentials and reviewing account access regularly is essential to prevent unauthorized use and potential financial loss.

1 Like
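The post above describes a takeover that shows up as membership changes: an owner the account holder never added, the holder's own role reduced to Reader or removed, and invites sent to unknown addresses. The "Monitor Account Activity" recommendation can be made concrete by auditing the organization member and invite listings against the small set of people who should be there. The following is an added example, not from the thread or from OpenAI: it reads listings in the shape of the Administration API's organization users and invites endpoints (the endpoint paths and field names are an assumption to verify against the current documentation), the sample listings are constructed, and the network fetch is provided but never called here.

```python
"""Audit organization membership for unexpected owners, demotion and stray invites (added example)."""
import json
import urllib.request


def fetch_listing(admin_key, path):
    """Fetch one Administration API listing. Assumed path/auth scheme; not called below (needs network)."""
    req = urllib.request.Request(
        "https://api.openai.com/v1/organization/" + path,
        headers={"Authorization": "Bearer " + admin_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample: the account holder plus a second owner they never added.
SAMPLE_USERS = {
    "object": "list",
    "data": [
        {"object": "organization.user", "id": "user_me", "email": "me@example.com",
         "role": "owner", "added_at": 1721000000},
        {"object": "organization.user", "id": "user_x", "email": "unknown@example.net",
         "role": "owner", "added_at": 1727254200},
    ],
}

# Constructed sample: one pending invite to an address the holder does not recognise.
SAMPLE_INVITES = {
    "object": "list",
    "data": [
        {"object": "organization.invite", "id": "invite_1", "email": "second@example.net",
         "role": "owner", "status": "pending"},
    ],
}


def audit_members(users, invites, self_email, expected_emails=()):
    """Compare the org listing with the people who should be in it and return a report dict."""
    expected = {e.lower() for e in expected_emails} | {self_email.lower()}
    members = users.get("data", [])
    unexpected = sorted(m["email"] for m in members if m["email"].lower() not in expected)
    unexpected_owners = sorted(
        m["email"] for m in members
        if m["email"].lower() not in expected and m.get("role") == "owner"
    )
    self_roles = [m.get("role") for m in members if m["email"].lower() == self_email.lower()]
    pending = sorted(
        i["email"] for i in invites.get("data", [])
        if i.get("status") == "pending" and i["email"].lower() not in expected
    )
    return {
        "unexpected_members": unexpected,
        "unexpected_owners": unexpected_owners,
        "self_present": bool(self_roles),
        "self_is_owner": "owner" in self_roles,
        "unexpected_pending_invites": pending,
    }


def findings(report):
    """Turn the report into the actions a holder should take before contacting support."""
    out = []
    if not report["self_present"]:
        out.append("your account is no longer a member of the organization")
    elif not report["self_is_owner"]:
        out.append("your role was reduced below owner; you cannot see billing")
    for email in report["unexpected_owners"]:
        out.append(f"unexpected owner {email}: remove, then rotate every API key")
    for email in report["unexpected_members"]:
        if email not in report["unexpected_owners"]:
            out.append(f"unexpected member {email}: remove")
    for email in report["unexpected_pending_invites"]:
        out.append(f"pending invite to {email}: revoke")
    return out


if __name__ == "__main__":
    report = audit_members(SAMPLE_USERS, SAMPLE_INVITES, "me@example.com")
    for line in findings(report):
        print("-", line)
```

Run this against the real listings on a schedule and alert on any non-empty findings; a second owner appearing, or the holder's own role changing, is the earliest visible sign of the scenario the post describes, well before the card charges.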