Subscription mistakenly linked to wrong account – possible security flaw?

Hello everyone,
I’m sharing this experience in hopes of getting feedback from other users and raising awareness about a potential issue.

📌 What happened

  1. On April 16, I subscribed to ChatGPT Plus using Google Play and carrier billing while logged into my main account on the app.
  2. After payment, the subscription did not activate. When I tried to subscribe again, the app told me I was “already subscribed,” yet I still had no access to Plus features.
  3. I contacted OpenAI Support, and they said no payment was found on my account.
  4. I checked Google Play – there was no purchase history there either.
  5. I then contacted my mobile carrier, and they confirmed that the payment was completed successfully.
  6. After a long and confusing process, I discovered that the subscription was actually linked to a family member’s Google account, which had previously been signed in on my device — even though it was not active at the time of purchase.
  7. To even confirm this, I had to log back into the family member’s account and go through multiple layers of authentication.

⚠️ Why this is concerning

  • The purchase was made while I was logged into my own account, inside the app.
  • There was no indication that another account would be billed, and no permission was asked.
  • This raises concerns about user control, data integrity, and billing transparency.
  • It also makes me question how Google Play and OpenAI handle account session security in shared-device environments.

💬 What do you think?

Here’s what support told me:

  • OpenAI says they cannot transfer subscriptions between accounts.
  • Google says they cannot offer a refund unless escalated further.

This means I’m currently paying for a subscription I can’t use, and I’m being asked to handle everything myself — even though I followed the correct process on the user side.

So, I want to ask the community:

  • Should OpenAI consider account transfer exceptions for cases like this?
  • Is it fair to expect users to absorb this kind of system-driven error without compensation?
  • Has anyone else encountered a similar issue?

I feel this is a systemic issue, not just a one-off mistake. If this could happen without warning, it may happen to others too — especially those who share devices or use multiple accounts on Android.

Thanks for reading, and I’d appreciate any advice or shared experiences.