PrivacyHigh

OmniGPT Breach Allegedly Leaks 34 Million Chat Messages and User Credentials

OmniGPT

What Happened

A threat actor posted data on a criminal forum claiming to have breached OmniGPT, an aggregator that routes users to models like GPT-4, Claude, Gemini, and DeepSeek. The leak allegedly included around 30,000 user email addresses and phone numbers plus more than 34 million lines of user-chatbot conversations. The dump also contained links to uploaded files and secrets such as API keys and credentials that users had pasted into chats.

Impact

Exposed contact details enable targeted phishing, while leaked conversations and embedded API keys risk unauthorized access to victims' third-party accounts. OmniGPT did not publicly acknowledge or confirm the breach.

How to Prevent This

  • Warn users against pasting secrets into chats and automatically redact detected credentials
  • Encrypt stored conversation logs and enforce strict retention limits
  • Protect uploaded-file links with authentication and expiry rather than public URLs
  • Adopt breach-detection and dark-web monitoring to catch exposure quickly
  • Publish transparent incident response and notify affected users promptly

Don't Let Your Company Be the Next Case Study

Take our 2-minute quiz to identify your AI risks before they become failures.

Assess Your AI Risks Now →

Most teams can't — find out in 2 minutes

Real AI failures analyzed • Free 2-minute assessment