What Happened
A threat actor posted data on a criminal forum claiming to have breached OmniGPT, an aggregator that routes users to models like GPT-4, Claude, Gemini, and DeepSeek. The leak allegedly included around 30,000 user email addresses and phone numbers plus more than 34 million lines of user-chatbot conversations. The dump also contained links to uploaded files and secrets such as API keys and credentials that users had pasted into chats.
Impact
Exposed contact details enable targeted phishing, while leaked conversations and embedded API keys risk unauthorized access to victims' third-party accounts. OmniGPT did not publicly acknowledge or confirm the breach.
How to Prevent This
- Warn users against pasting secrets into chats and automatically redact detected credentials
- Encrypt stored conversation logs and enforce strict retention limits
- Protect uploaded-file links with authentication and expiry rather than public URLs
- Adopt breach-detection and dark-web monitoring to catch exposure quickly
- Publish transparent incident response and notify affected users promptly