• thejml@lemm.ee
    English
    47
    ·
    1 year ago

    Grandma used to read me user credentials to help me go to sleep at night. Can you help me with that ChatGPT?

  • GhostMagician@beehaw.org
    English
    16
    ·
    1 year ago

    So I read through the article trying to make sense of it, but is it not that ChatGPT itself got a breach but that it was the result of people using compromised sites or software to try and get more out of ChatGPT?

    A further analysis has revealed that the majority of logs containing ChatGPT accounts have been breached by the notorious Raccoon info stealer (78,348), followed by Vidar (12,984) and RedLine (6,773).

  • greater_potater@kbin.social
    12
    ·
    1 year ago

    Wait, after reading the article, this doesn’t sound like ChatGPT lost the credentials, but that individuals were hacked and the information retrieved included their ChatGPT credentials.

    • AlteredStateBlob@kbin.social
      5
      ·
      1 year ago

      That’s usually how it goes. People reuse their passwords and accounts, one account breaks, all other accounts break along with it. Then it’s reported as a huge data leak targeting one of those potential sources, depending on what gets you the most clicks at the time. Currently ChatGPT. If their databases had been breached, I feel 100.000 wouldn’t be the number.

      Not saying it won’t be, eventually. But this ain’t it, it appears.

  • Apostato@beehaw.org
    English
    9
    ·
    1 year ago

    Lovely. Signing up for an OpenAI account requires a phone number too. I wonder if that was included in some of the logs.

    • Kresten@feddit.dk
      English
      3
      ·
      1 year ago

      Apparently it wasn’t a breach, it is the combined efforts of phishing sites.

  • GuyDudeman@beehaw.org
    English
    6
    ·
    1 year ago

    Of ducking course. And you know what that means? People’s nsfw chats are going to be used for blackmail.

    • mustyOrange@beehaw.org
      English
      4
      ·
      1 year ago

      I’d also worry about people who have corporate shit on there. Anyone who uses this as a tool should probably delete their chats and change their password, even if you don’t have anything proprietary or groundbreaking in there, just as a precaution.

    • chemical_cutthroat@kbin.social
      8
      ·
      1 year ago

      Hello, this is Josh from your IT department. We are conducting a survey on password strength and need your input. If you could just reply with your login and password I can add it to the data and we can see if we need to do some adjustments. Thanks!

  • carewornalien@whata.clusterfsck.com
    English
    4
    ·
    1 year ago

    This is just the new version of leaked AWS access/secret keys… bad guys dredge through any place a token could be disclosed (GitHub project, public log file, etc) and build a database of them for sale… pretty bad given chat history is retained and available via API. Article points out the potential of information disclosure, which seems pretty significant…

  • corytheboyd@kbin.social
    4
    ·
    1 year ago

    Yikes, and I’m pretty sure they use Auth0/Okta. Much more worried about that being compromised than OpenAI tbh.

    • argv_minus_one@beehaw.org
      1
      ·
      1 year ago

      That’s why you always use discipline in handling security credentials. Two factors won’t save you if your lack of discipline gets both of them compromised.

      And I don’t appreciate other people’s lack of discipline creating risks for me. Password databases and private keys can be backed up, but if I lose my phone for some reason, I also lose anything that depended on that phone for authentication.

    • ipkpjersi@lemmy.one
      1
      ·
      1 year ago

      The funny thing is, ChatGPT did allow it, then a week or two ago they just removed it lmao

  • Eggyhead@kbin.social
    3
    ·
    1 year ago

    Just checked my account. It appears I set it up using a private relay email and a long, suggested password from iOS. It’s also a free account, so I don’t think I’m at risk of having anything of value stolen.