Woke up this morning and I could not log in. Got this in email and wanted to give the community heads up to change passes etc. I do not understand what 3rd party would have access to my open AI credentials. They locked my account but it was easy to fix my pass, but I’m looking for a bit more info.
Great job security team 
thank you.
PS everyone should enable two-factor authentication (2FA) just sayin .
Generated
“ It’s a valid concern to wonder why a third party would have your OpenAI credentials. Generally, third parties may access certain account information under specific circumstances, such as:
- Third-party payment processors: If you have a subscription or made payments through OpenAI, the credentials related to your payment information might be handled by an external payment processor (like Stripe, PayPal, or other payment gateways).
- External integrations: If you’ve used OpenAI’s API with third-party services or apps, those services might store your API keys or authentication tokens to allow continued access or provide features like automated tasks or services.
- Shared platforms or tools: Some external tools that interact with OpenAI’s systems could store or manage access credentials, especially if you’re working in collaborative environments or using tools designed to interact with OpenAI’s API.
- Cloud infrastructure or hosting services: If OpenAI utilizes third-party cloud services to host some of their infrastructure, there’s a possibility that credentials were exposed via this pathway.
Given that OpenAI mentions a third-party breach, it suggests that a service OpenAI uses or integrates with was compromised, and credentials related to your OpenAI account might have been indirectly exposed.
If you’re concerned about further details, I’d recommend following any official communications from OpenAI to clarify the situation and ensure that you’re fully protected.”
OpenAI security portal https://trust.openai.com/
