A Threat Actor is Claiming to Sell Data of OmniGPT

💡This post is part of Free Post Friday! If you're not a paid subscriber to the platform, these are some of the details you would see if you were a paid subscriber!

QUICK FACTS
🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-01-24 19:52:44
🚨 Title: Alleged Data Sale of OmniGPT
🛡️ Victim Country: Thailand
🏭 Victim Industry: Information Technology (IT) Services
🏢 Victim Organization: OmniGPT
🌐 Victim Site: omnigpt.co
📜 Category: Data Leak
🔗 Claim: https://breachforums.st/Thread-DATABASE-Omnigpt-co-ChatGPT-Copycat-30k-User-Emails-Phone-Numbers-34-Million-Messages
🕵️‍♂️ Threat Actor: Gloomer
🌍 Network: Openweb

WhiteIntel.io Data Leak Information

Description

The threat actor Gloomer has claimed to have breached the database of OmniGPT, described as a smaller clone of ChatGPT. The compromised data is being offered for sale and allegedly includes:

Data Details:

• User Information:
  • 30,000 emails.
  • Approximately 20% of entries include associated phone numbers.
• Message History:
  • 34 million lines of conversation logs between users and the AI.
• Uploaded Files:
  • Around 6,000 links to documents (PDFs, DOCX files, etc.) containing potentially sensitive information, including credentials.
• Extracted Crypto Keys:
  • Approximately 130 private keys for cryptocurrency wallets.

The seller claims the data can be exploited to uncover API keys, credentials, and other sensitive information often shared by users in their messages. The dataset is being sold for $100, which includes all user data, messages, and file URLs.

Implications

For OmniGPT:

• Legal Risks: Potential violations of Thailand’s Personal Data Protection Act (PDPA) and other data privacy regulations.
• Reputational Damage: Customers may lose trust in the company’s ability to secure their data.
• Security Risks: Leaked API keys or credentials may lead to further exploitation or attacks against users and third-party services.

For Affected Individuals:

• Privacy Violations: Exposure of private conversations and personal details.
• Identity Theft: Email addresses and phone numbers could be used for phishing or social engineering.
• Cryptocurrency Theft: Extracted private keys could lead to unauthorized access to wallets and digital assets.

Recommendations

For OmniGPT:

• Immediate Actions:
  • Investigate the legitimacy of the breach and assess the full scope of the compromise.
  • Notify affected users and regulatory authorities as required by law.
  • Secure systems by rotating API keys, invalidating credentials, and patching vulnerabilities.
• Preventative Measures:
  • Strengthen encryption for sensitive data storage and transfer.
  • Conduct regular security audits and penetration testing.
  • Enhance monitoring for suspicious activity on affected systems.

For Users:

• Account Security:
  • Change passwords for accounts associated with OmniGPT.
  • Enable multi-factor authentication (MFA) wherever possible.
• Fraud Monitoring:
  • Regularly check financial accounts and cryptocurrency wallets for unauthorized activity.
• Caution with Communications:
  • Be wary of phishing attempts or suspicious links claiming to be from OmniGPT.

Stay tuned to DarkWebInformer.com for updates on this and other cyber threat incidents.