Some may already be aware of the recently reported alleged OpenAI data breach (reported in gbhackers). We do have an official statement directly from OpenAI:
We’re aware that a threat actor is claiming that they obtained credentials from OpenAI accounts. We have not seen any evidence that this is connected to a compromise of OpenAI systems to date. We take claims of account compromise seriously, and our teams are continuing to monitor.
As such there isn't any evidence right now to suggest there has been a compromise.
For the majority of users in our ChatGPT Edu workspace who can only use SSO to log in, there are no actions we would recommend at this time.
For anyone who also has a password associated with their ChatGPT Edu account (for example if you had a ChatGPT account associated with your Oxford SSO before joining our Oxford ChatGPT Edu workspace), there are also no actions we would recommend at this time.
However for anyone with an associated password for the ChatGPT Edu account I would encourage standard practices InfoSec recommend to Make your online accounts secure:
- Create a unique strong password, do not reuse passwords between accounts, and do not reuse a old password.
- Use multi-factor authentication. If you use SSO to log in then you should already be required to use and be protected by multi-factor authentication. If you use a password to log in to your ChatGPT Edu workspace then you should strongly consider enabling Multi-factor authentication in your ChatGPT Edu settings.
If anyone does have any concerns related to this issue please get in touch.
