💡This post is part of Free Post Friday! If you're not a paid subscriber to the platform, these are some of the details you would see if you were a paid subscriber!
💡 Subscribe to DarkWebInformer.com for Unmatched Cyber Threat Intelligence 💡
Why Subscribe? Let me do the work and save you time.
Stay ahead of cyber threats and safeguard your digital assets while enhancing your cybersecurity awareness with these exclusive subscriber-only features:
-
📜
Detailed Threat Posts: Stay updated on breaches, leaks, ransomware, DDoS attacks, and more.
-
📡
Exclusive Threat Feeds: Access the latest ransomware victim disclosures, breaches, leaks, and other critical updates. Approximately 100-150 alerts daily.
-
🖼️
High-Resolution Screenshots: All threat alerts include watermark-free, high-resolution images.
-
🔗
Direct Claim URLs: Instantly access claims with direct links for fast verification.
QUICK FACTS
🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-01-24 19:52:44
🚨 Title: Alleged Data Sale of OmniGPT
🛡️ Victim Country: Thailand
🏭 Victim Industry: Information Technology (IT) Services
🏢 Victim Organization: OmniGPT
🌐 Victim Site: omnigpt.co
📜 Category: Data Leak
🔗 Claim: https://breachforums.st/Thread-DATABASE-Omnigpt-co-ChatGPT-Copycat-30k-User-Emails-Phone-Numbers-34-Million-Messages
🕵️♂️ Threat Actor: Gloomer
🌍 Network: Openweb
WhiteIntel.io Data Leak Information
Large datasets may take a moment...
This message will update automatically...
Description
The threat actor Gloomer has claimed to have breached the database of OmniGPT, described as a smaller clone of ChatGPT. The compromised data is being offered for sale and allegedly includes:
Data Details:
- User Information:
- 30,000 emails.
- Approximately 20% of entries include associated phone numbers.
- Message History:
- 34 million lines of conversation logs between users and the AI.
- Uploaded Files:
- Around 6,000 links to documents (PDFs, DOCX files, etc.) containing potentially sensitive information, including credentials.
- Extracted Crypto Keys:
- Approximately 130 private keys for cryptocurrency wallets.
The seller claims the data can be exploited to uncover API keys, credentials, and other sensitive information often shared by users in their messages. The dataset is being sold for $100, which includes all user data, messages, and file URLs.
Implications
For OmniGPT:
- Legal Risks: Potential violations of Thailand’s Personal Data Protection Act (PDPA) and other data privacy regulations.
- Reputational Damage: Customers may lose trust in the company’s ability to secure their data.
- Security Risks: Leaked API keys or credentials may lead to further exploitation or attacks against users and third-party services.
For Affected Individuals:
- Privacy Violations: Exposure of private conversations and personal details.
- Identity Theft: Email addresses and phone numbers could be used for phishing or social engineering.
- Cryptocurrency Theft: Extracted private keys could lead to unauthorized access to wallets and digital assets.
Recommendations
For OmniGPT:
- Immediate Actions:
- Investigate the legitimacy of the breach and assess the full scope of the compromise.
- Notify affected users and regulatory authorities as required by law.
- Secure systems by rotating API keys, invalidating credentials, and patching vulnerabilities.
- Preventative Measures:
- Strengthen encryption for sensitive data storage and transfer.
- Conduct regular security audits and penetration testing.
- Enhance monitoring for suspicious activity on affected systems.
For Users:
- Account Security:
- Change passwords for accounts associated with OmniGPT.
- Enable multi-factor authentication (MFA) wherever possible.
- Fraud Monitoring:
- Regularly check financial accounts and cryptocurrency wallets for unauthorized activity.
- Caution with Communications:
- Be wary of phishing attempts or suspicious links claiming to be from OmniGPT.
Stay tuned to DarkWebInformer.com for updates on this and other cyber threat incidents.
