Unauthorized withdrawal of money from the balance

OpenAI takes money from my balance and shows that models are being used that I have never actually used. There is a 1 dollar limit set, but it is not enforced. There were about 7 dollars on the account, about 18 dollars were written off. The balance is now -7.61 dollars. Essentially, money was stolen (well, not a lot). I don’t want to leave it like this. This is fraud.

Has anyone else encountered this?

Yes, people who leaked their keys in code, had their account compromised by trojan browser extensions or other password stealers, or put API keys in client applications are typically the ones who experience unauthorized usage on their account.

You can create a new API key and remove all others, and change your account password with a “forgot password” at login if you have one that is unique to OpenAI (not an authentication service like Google).

You can make contact through the help bot at help.openai.com to report the unauthorized usage or intrusion and see what becomes of that.

The hard limits are not a guarantee of termination of service. One can make 100 requests at once with unknown billing until they are complete, for example.
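An added example, not part of the original posts and not OpenAI tooling: a small scanner for the two leak paths named in the reply above, keys hardcoded in source and keys embedded in client-side files. The `sk-` key pattern, the list of client file types, and all function names are assumptions made for this sketch, and the sample keys are constructed placeholders.

```python
import re
from pathlib import Path

# Assumption: secret keys start with "sk-" plus a long token (e.g. "sk-proj-...").
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")
# Assumption: files of these types ship to end users, so a key in them is public.
CLIENT_SUFFIXES = {".js", ".jsx", ".ts", ".tsx", ".html", ".vue"}

def redact(key):
    """Keep only a short prefix and suffix so the report does not leak the key."""
    return key[:6] + "..." + key[-4:]

def scan_text(path, text):
    """Return (path, line_no, redacted_key, exposure) for each hardcoded key."""
    exposure = "client-side" if Path(path).suffix.lower() in CLIENT_SUFFIXES else "source"
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((path, line_no, redact(match.group()), exposure))
    return findings

def scan_tree(files):
    """Scan a {path: text} mapping, e.g. the files staged for a commit."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings

def scan_dir(root):
    """Scan every file under root on disk, skipping the .git directory."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            files[str(p)] = p.read_text(errors="ignore")
    return scan_tree(files)

# Constructed sample input; the keys below are fake placeholders.
SAMPLE_FILES = {
    "backend/client.py": 'import os\napi_key = os.environ["OPENAI_API_KEY"]\n',
    "scripts/test_call.py": 'openai.api_key = "sk-CONSTRUCTEDexample0000000000000001"\n',
    "web/src/chat.js": '// quick demo\nconst KEY = "sk-proj-CONSTRUCTED_example-0000000002";\n',
}

if __name__ == "__main__":
    for finding in scan_tree(SAMPLE_FILES):
        print(*finding)
```

Any key this reports should be treated as exposed and replaced; a `client-side` finding means the key is readable by anyone who loads the application.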

This is the second time I’ve encountered this. The first time I waited for a response from support for about a month. Months!

The key was revoked and a new one was created. Everything is protected. I’m not new to using API keys, and this has never happened with other services. And here we go again.

Why then make it possible to set a limit if it doesn’t work? There wasn’t even an email warning (set at half of monthly budget).

FYI

https://help.openai.com/en/articles/8304786-preventing-unauthorized-usage

In essence, this is a beautiful answer: no, it’s not us, it’s not our fault, your key was just stolen. And there is no way to anticipate a claim.

Hey @afield.charge - mid last year I once got in a situation where there was unauthorized use of one of my API keys. It was a small amount (~15 USD or less). I reached out to OpenAI and ended up getting nearly the full amount back after some months. Hence, I disagree with the observation that OpenAI assumes an “it’s not our fault” position.

I don’t have the full insights but I do believe they review these matters case by case. If an issue like this happens multiple times, then perhaps the likelihood that one receives a refund decreases as it might indicate more systemic issues on the client’s side in terms of API key protection.

Possibly. The first time I was also reimbursed for $5 that was spent on models I didn’t use. The fact is that after that incident I created two new keys. One was used a little, the other was not. The keys are nearby. Unauthorized requests were from the first key. If my keys were stolen, they would use the second one. And these keys are not publicly available, all requests are via HTTPS.

And the most important thing is the answer. Wait months for an answer? The product is currently not working. I think this is disrespect for the developers.