Fraudulent credit card billing by OpenAI

You can set the owner of an account as “reader” as another owner?!

Maybe you’ve been phished, your credit card has been compromised, and someone else (the organisation you mentioned) may have used it to pay for OpenAI services.

It may be worth checking if the email address the charges were sent to is the one you use with your OpenAI account and credit card. Is it the same address you use for both?

If you were compromised this badly, with your identity and credit card details leaked, maybe this is worth a shot:

Check for data leaks

Head to https://haveibeenpwned.com/ to see if your email or other personal info has been leaked.

Change your important passwords

If you suspect your WiFi might be compromised (especially in an apartment building), get off it. Go to a trusted location, like your fam’s or a friend’s place, and change your important passwords (Microsoft, Apple, Google, Firefox, password managers, any MFA apps you might be using). Make sure to keep note of everything so you don’t lock yourself out.

Secure your home network

At home, change your WiFi password and make sure your router uses the best encryption features it has (WPA2/3). If something feels sus, you could go further, and reset the router to factory settings and update the firmware, but again… don’t lock yourself out. Contact your ISP for help, or let them handle it remotely.

Check your kit

Run a virus scan, boomer-style… You can use something like the free NOD32 online scan (ESET Online Scanner | ESET) and let it check for anything sus on your system.

Wipe your kit

If nothing gets picked up and you are still worried, back up your data, and wipe everything. Start with your phone, and make sure your backups are good before doing this. Make sure you’ve noted down your new passwords, and that your phone is fully backed up and working, so you can go online if anything else goes wrong.

I know this sounds a bit crass, but honestly… if I got compromised like this, I’d go scorched earth, like, wipe it all and rebuild from a clean slate.

You know, what you are describing sounds like your API key got leaked, but the thing with the ominous “F22” org doesn’t check out if that was the case because you should see it in your platform dashboard.

I’m sorry this is happening to you, be safe, man, keep us posted, and good luck.

PS: I was typing this while you posted @_j but I didn’t understand. Can you please explain in simple terms or with an example?

2 Likes

Given that the charges don’t align with your activity and aren’t showing up in your org’s billing.

The simplest explanation would be that your card could have been compromised somewhere and was then used on another account on OpenAI since the charges show up as OpenAI on your statement.

1 Like

Thank you everybody for your replies.

Proxy, I almost am a boomer :slight_smile: I’m on the older side of gen-x. Been in IT for uh… close to 40 years now. No, I’m not a Cobol guy. But one of these days the bell will ring for me to say “I’m too old for this shit”. Maybe it’s ringing now.

Sps and _j, yes, this has been my bird’s-eye interpretation also (but I was not familiar with possible details) - that there is insufficient security inside the OpenAI user-facing operations. And the fact that it’s hard to get a live person to talk about the problem, well… I guess a company that does AI is the last one where you would expect to find a live person doing support.

2 Likes

Support from most of the big tech companies is frustrating like this.

Even reasonably big Youtube creators complain about the lack of personal service.

I experienced the exact same things as you did and haven’t received any feedback from OpenAI yet.