Hackers puts massive Omni-GPT breach data for sale on the dark web

 Massive Data Leak Exposes Personal Information of Over 30,000 Omni-GPT Users

A recent, unverified data breach is said to have compromised email addresses, phone numbers, API and crypto keys, log in details, and billing data from more than 30,000 Omni-GPT users. Omni-GPT, a well-known aggregator that provides access to various AI models—including ChatGPT-4, Claude 3.5, Gemini, and Midjourney—has reportedly been hit by a large-scale breach, putting the personal details of thousands at risk.

Earlier this week, a user known as “Gloomer” on Breach Forums posted samples of the allegedly stolen information. According to the post, the leak includes all communications exchanged between users and the platform’s chatbot, along with links to files that users had uploaded, and a list of 30,000 user email addresses.

The post, made by a top-tier member on the forum referred to as “God,” was published just over two weeks after KrakenLabs first reported the incident. The new post is attributed to a user with the same alias but a different profile image, raising further questions about the source.

In the initial announcement, Gloomer stated, “I recently breached OmniGPT.co—a smaller version of ChatGPT—and retrieved every conversation between the users and the AI (over 34 million lines), in addition to collecting the emails of 30,000 users. About 20% of these emails even have phone numbers attached.” The user went on to claim that API keys, login credentials, and crypto keys were also exposed during the breach.

While the exact method of the attack remains unclear, the hacker did not hesitate to highlight the gravity of the situation. “There’s a lot of valuable data in these messages, including API keys and passwords, and many of the uploaded files contain sensitive billing information,” Gloomer explained. “Good luck finding something useful, and enjoy this leak.”

If the breach is indeed genuine, the affected individuals could face a variety of security threats. These range from account takeovers and unauthorized access to identity theft, phishing, malware infections, and both financial and reputational harm.

The threat actor also mentioned that some crypto private keys were part of the stolen data. “I managed to extract all the crypto private keys with a program I developed using regex, and I found around 130 keys. About 10 of these keys hold a small balance or sometimes NFTs. I haven’t dug deeper into the messages file for more crypto details,” Gloomer added.

In his post dated January 24, Gloomer priced the leaked data dump at $100.

So far, Omni-GPT has not publicly acknowledged the breach or any related security incident. The company’s Chief Security Officer has been contacted for a comment, but no response has been received as of the publication of this report. If the breach is confirmed, Omni-GPT could face significant challenges beyond mere reputational damage, including potential legal and regulatory actions under data protection laws such as the European GDPR, given its widespread user base.

According to cybersecurity news source Hackread, which reviewed some of the leaked data, the compromised information includes data from users in countries like Brazil, Italy, India, Pakistan, China, and Saudi Arabia.

Omni-GPT has gained popularity around the world for its ability to combine several top-tier AI models into one user-friendly interface. It offers additional features such as data encryption, team collaboration tools, document management, image analysis, and even WhatsApp integration. The platform provides a free subscription with basic functionalities and a premium Plus membership that costs $16 per month.

This incident highlights the growing risk of data breaches in the modern digital landscape, where even reputable platforms can fall victim to sophisticated cyberattacks. As personal data becomes an increasingly valuable commodity, both users and companies must prioritize robust cybersecurity measures to protect sensitive information.

The implications of this breach extend far beyond individual users. For businesses and organizations, such leaks underscore the importance of compliance with international data protection standards and the need for constant vigilance against evolving cyber threats. The balance between innovation and security remains delicate, and incidents like this serve as a stark reminder of the consequences when that balance is disrupted.

As investigations into the Omni-GPT breach continue, affected users are urged to monitor their accounts for suspicious activity and update their credentials immediately. It also reinforces the need for continuous improvements in cybersecurity practices to safeguard against future threats in an increasingly interconnected world.

In summary, this breach serves as both a warning and a call to action for everyone—from individual users to global tech giants—to prioritize privacy and security in the digital age.

Massive Data Leak Exposes Personal Information of Over 30,000 Omni-GPT Users

A recent, unverified data breach is reported to have compromised email addresses, phone numbers, API and cryptocurrency keys, log in details, and billing data from over 30,000 Omni-GPT users. Omni-GPT, a popular aggregator that offers access to several AI models—including ChatGPT-4, Claude 3.5, Gemini, and Midjourney—has reportedly suffered a significant breach, putting thousands of users' personal information at risk.

Leak Details and Early Reports

Earlier this week, a user known by the alias “Gloomer” on Breach Forums shared samples of the supposedly stolen data. The post claims that the leak includes all messages exchanged between users and the chatbot, links to files uploaded by users, and a list of 30,000 user email addresses. This announcement was made by a high-ranking forum member, sometimes referred to as “God,” about two weeks after KrakenLabs initially reported the incident. Interestingly, this post is attributed to a user with the same alias but a different profile picture, adding another layer of mystery to the breach.

What the Leaked Data Contains

According to the initial claims, Gloomer stated, “I recently infiltrated OmniGPT.co—a smaller version of ChatGPT—and extracted all interactions between users and the AI (over 34 million lines), along with the emails of 30,000 users. Approximately 20% of these emails also have phone numbers attached.” The leak allegedly exposes not only API keys and login credentials but also cryptocurrency keys. Gloomer mentioned that he used a custom regex-based tool to extract around 130 crypto private keys, with about 10 of them containing minor balances or even NFTs. However, further investigation into the messages file was not pursued by the hacker.

Potential Risks for Users

If the breach is genuine, affected users face several serious risks. These include:

• Account Takeovers: Unauthorized access to personal and financial accounts.
• Identity Theft: Fraudsters could use the exposed data to impersonate users.
• Phishing Attacks: Increased risk of deceptive emails and messages designed to steal more information.
• Malware Infections: Potential for harmful software to be installed on user devices.
• Financial and Reputational Harm: Damage to both personal finances and the public image of affected individuals.

Pricing and Sale of the Data

Gloomer’s post, dated January 24, set the price of the leaked data dump at $100. This low price suggests that the threat actor might be attempting to sell the data to multiple interested buyers, further compounding the potential damage.

Omni-GPT’s Response and Legal Implications

To date, Omni-GPT has not publicly acknowledged the breach or commented on the incident. When contacted, their Chief Security Officer did not provide any response before this report was published. If the breach is verified, Omni-GPT may face severe repercussions beyond reputation damage. With a global user base, the company could be subject to strict data protection regulations, such as the European GDPR, which carries heavy penalties for non-compliance.

Global Impact of the Breach

Cybersecurity outlet Hackread, after reviewing some of the leaked data, confirmed that the breach affected users from several countries, including Brazil, Italy, India, Pakistan, China, and Saudi Arabia. This international spread underscores the far-reaching implications of the leak, highlighting the need for robust security measures in digital platforms worldwide.

Omni-GPT: A Popular AI Aggregator

Omni-GPT is widely used for its ability to combine several top AI models into one interface, making it easier for users to access various tools without switching platforms. The service also provides features like data encryption, team collaboration, document management, image analysis, and even WhatsApp integration. Users can access a basic free tier or upgrade to a Plus membership for $16 per month, which offers enhanced functionalities.

My Opinion:

This alleged breach is a stark reminder of the vulnerabilities in today’s digital landscape. While the full details of how the attack was executed remain unclear, the exposed data could lead to a host of security challenges for users, ranging from identity theft to account takeover. Companies like Omni-GPT must now grapple with both reputational damage and potential legal actions from regulators around the globe.

As investigations continue, users must monitor their accounts, change passwords, and remain vigilant against any suspicious activity. The incident also emphasizes investing in robust cybersecurity measures to protect personal and sensitive data in an increasingly interconnected world.

In summary, while Omni-GPT remains a valuable tool for accessing advanced AI models, this incident highlights the pressing need for stronger security protocols and greater transparency in protecting user information.