Four days ago, I mistakenly entered my Chat GPT account details on a pirated phishing website. They obtained my access token through certain means and planted a Trojan program on my computer.
Now, I’ve thoroughly cleaned and reinstalled the system on my computer. Despite repeatedly changing my passwords for various important accounts, the impact of the access token leak still lingers. In simple terms, they are using Chat GPT through my account, and I’m unable to track the devices that have logged into my account or activate two-factor authentication.
I’m certain they are using my Chat GPT account, as evidenced by abnormal information limits with the GPT-4 model, the webpage defaulting from GPT-4 to 3.5 with each refresh, and the lack of webpage activity in the bottom left corner when I type text. These signs all indicate that they have stolen access tokens from users like me and are freely providing them to others.
I hope OpenAI can enhance the security of personal accounts by implementing two-factor authentication, device tracking and blacklisting, and setting device limits.
Has anyone else experienced something similar? Maybe you should check your account and computer.
By the way, this happened on a phishing site on GitHub named PandoraNext. I was lured there once, driven by curiosity about a technology mentioned by others. They stole other users’ access tokens to provide to others and the developers embedded viruses in the project. Four days ago, the developer absconded, shutting down all inquiries. Prior to this, someone had pointed out the existence of the virus, only to be ridiculed and mocked by a clueless crowd. This site was up to more than just stealing access tokens; what else they were doing, I have no idea.