OpenAI API token is stolen last Friday, and not showing in Log any api calls history at May 8 2026. big bug
Actually, I’m sure I didn’t use it in that day, I closed all my related computer.
Welcome to the forum!
If you think an API key was stolen, I’d treat this as a security issue first, not only a bug.
In this situation, I’d delete/rotate the affected API key immediately if you haven’t already, then check usage /logs by project/key and make sure spend limits are set.
OpenAI’s API key safety doc also says to rotate a key immediately if you believe it has been leaked:
https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety
If the usage does not match your logs, I’d contact OpenAI Support through the Help Center and include screenshots, timestamps, affected project/org, key name or key ID if available, usage details and what you already rotated/deleted.
Hey @OneAI, that’s definitely concerning.
If you believe the key was compromised, I’d follow @LarisaHaster’s suggestion and rotate/revoke it immediately. The general best practice is to keep API keys server-side only, store them securely, avoid committing them to repos, and replace them quickly if there’s any suspicion they were exposed.
You can check out this article for more info: Best Practices for API Key Safety
For the missing logs, please reach out to support@openai.com with the date/time, org/project details, and anything else relevant. If you already have a case open, send over the case ID and I can help check.
- Sunny