Someone is abusing openai api through a bug

Dear OpenAI team,

I was surprised to find that you have stopped adding new Plus users at chat.*.* due to high load from Plus, which seems unreasonable. I decided to investigate API abuse. After a few days of research, I indeed made some discoveries.

I am quite certain this is due to some bug, or an incorrect and irrational mechanism. When I inquired about the prices from those reselling OpenAI API access in the market, their responses were shocking: $0.01 could buy $1 worth of API access (for gpt-3.5 models they give free access). This must be due to their abuse, causing your high load. While investigating them, I faced significant resistance but still gathered some information:

  1. Bug or Mechanism Exploitation: They pay a small bill, maybe tens to 100 dollars, turning the account into a prepaid one, which might have a credit limit of $5000. This allows them to sell API access at a very low price. They wouldn’t disclose the specifics, but from their discussions, paying $10 could get $2000 worth, and $5000 could even fetch $1 million, which is bizarre. The total value of API they sell daily through this bug might reach millions of dollars. They are not willing to disclose more information, so this is all I know.

  2. Sess Token Abuse: Registering an OpenAI account no longer requires a phone number, turning a minimal-cost account into a zero-cost one, leading to widespread zombie accounts. They might register hundreds or thousands at a time. These accounts also have API access. On’s playground, you send a sess token to the frontend to verify user identity. They exploit this to get $5 of free credits for API calls to api.*.* at no cost. I think you should require a user-generated key to use the playground, which is reasonable. A test key created by the user is certainly safer than a non-deletable sess. Moreover, it’s reasonable to require a person who wants to call the API to first generate an API key, isn’t it? This is the first step in calling an API.

  3. Frontend API Calls: This issue has always existed and is indeed hard to solve. But I am sure it also puts pressure on you. They open thousands of Plus accounts and turn services like GPTs into APIs. Do you think they pay? No, they request refunds after two weeks.

    They run this code in the browser console to subscribe to Plus:

    fetch("/api/auth/session").then(r => r.json()).then(({ accessToken }) => {
      fetch("/backend-api/payments/checkout", {
        "method": "POST",
        "headers": { "authorization": `Bearer ${accessToken}`, },
      }).then(r => r.json()).then(d =>

I hope this information is helpful. Nobody wants to deal with these troublesome abuses instead of developing new features. But where there is light, there is shadow. If not dealt with in time, these shadows will swallow the light. To me, handling abuse is an essential task for you.

Lastly, I hope you resolve these abuses soon and reopen the normal subscription channel for Plus.

An Informant Who Prefers to Remain Anonymous

Created with the help of ChatGPT.

Interesting research. Though if this was true, why wouldn’t they close API access to new users? As I understand the limitation is only related to ChatGPT Plus, not APIs.

This is interesting but if true it seems impossible OpenAI would not already know. I’m curious why you chose to discuss this here.

Fascinating, how did you go about finding this out? Seems very important that OAI gets eyes on this if they don’t already, but are you sure this is the right way to be red-teaming? Might look at their bug bounty program.

I really like ChatGPT, it has changed my way of life, and I hope OpenAI can develop even better. Seeing these madmen stealing millions of dollars every day, I worry for OpenAI. Surprisingly, OpenAI has not taken countermeasures, but has limited new Plus subscriptions.

On some Telegram or Discord channels, some people are discussing these methods.

If this is the case, why wouldn’t they close API access to new users (and only close ChatGPT Plus)?

OpenAI providing an API for each account is a good incentive for developers, but it should be subject to stricter regulation, rather than being allowed to develop unchecked. I don’t know if OpenAI is aware of these abuses. I hope they are not, rather than being aware and yet doing nothing.

Many businesses rely on these APIs; OpenAI can’t just cut them off abruptly.

It was not cutting ChatGPT either.

Your point is: there is a vulnerability and that is why they closed new ChatGPT Plus registrations.

My point: if the vulnerability is around API billing, why would they close new registrations for ChatGPT Plus, not the API?

OpenAI’s capacity can be likened to a bottle of water. If expenditure on Plus is restricted, it naturally allows more resources to be channeled towards the API. Of course, this might just be my wishful thinking or a subjective perspective, as I’ve observed instances of API misuse that seem to deplete OpenAI’s capacity, thereby forcing OpenAI to discontinue new Plus subscriptions. This is my understanding, though it may not be entirely accurate. Regardless of whether this is the actual reason for OpenAI’s cessation of new Plus subscriptions, I firmly believe it is essential to bring these instances of misuse to OpenAI’s attention.

You do not describe a hack or a bug.

You describe someone creating accounts and then selling the accounts to people in unsupported countries (in China) where payments and access are geoblocked.

The fraud would be describing the account as “credit limit”. That’s just the total monthly limit. OpenAI does not grant credit, net terms, or trust to developer accounts any more. API service is shut off as soon as the prepaid amount is exhausted.

Perhaps the intent is to fool buyers (and you) into overestimating the value of an account created with $100 from a stolen credit card number and with only that amount of credit in it (or emptied of credit, and then sold just based on tier).

New accounts also do come with a $5 credit that expires after three months.

Sessions are persistent, and the use of sessions and cookies to maintain a connection would be about maintaining access even after a hacked account tries to change its password, because OpenAI has no manual close method to log out devices.

The fraud would likely employ stolen credit card numbers to do so, or simply use stolen accounts.

I’m not exactly sure how they did it, but based on the information available, they didn’t steal accounts; they did indeed pay OpenAI with their own credit cards. They themselves call this a bug, not fraud or anything. I don’t know the details and can’t replicate it, so it’s hard to convince you, but that’s not my goal. I want to point out that such a phenomenon exists.

This sounds a lot like “they fell off the back of a truck”.

If it is a bug, thanks for letting them know. I recall during my infancy days the API credit was $18. Losers were churning through phone numbers to accumulate a bunch of credit, mostly for the purpose of reselling to restricted countries. I actually couldn’t use my own business phone number because it was used in the scam.

Bad people always ruin good things. Thanks for trying to make a difference.