The official press account of the artificial intelligence (AI) lab OpenAI on X was hacked on Monday night. This is the fifth cybersecurity incident involving the company in the past two years.

Benjamin De Kraker, a developer working for OpenAI’s rival xAI, first noticed the situation and warned the public that the account was promoting fake cryptocurrencies.

As usual, the hackers tried to scam the account’s 54,000 followers and get them to invest in a supposedly new crypto asset that OpenAI was promoting called “$OPENAI.” The modus operandi was identical to other recent incidents involving high-profile social media accounts.

The fraudulent post used to announce the token included a link to a website and the promise that users could claim a portion of $OPENAI’s total supply by providing their access credentials to crypto wallets. The goal of this phishing campaign was to siphon the funds contained in the wallet.

To avoid being denounced by the community, the hackers disabled the comments section and justified this action by claiming that they wanted to protect the account’s followers “from malicious links.”

Even though the post has been deleted and the company appears to have regained control of the account, there has been no official statement from OpenAI that addresses the hack or apologizes to its followers and X users.

Various media outlets tried to reach out to the firm but, thus far, it has declined to comment on the matter.

Crypto Scams Siphon Billions from Unwary Social Media Users

This is not the first time that OpenAI has been hit by cybercriminals. Just two days ago, the X account of Jason Wei, an AI researcher who works for the firm, was also breached.

In addition, the X accounts of Mira Murati, OpenAI’s Chief Technology Officer, and Jakub Pachocki, the firm’s Chief Scientist, were also hacked in June 2023 and three months ago respectively.

It appears that OpenAI’s internal safety practices are not as robust as its AI technology, and that is a cause for concern. Meanwhile, and perhaps more worrying, an internal company forum suffered a breach in 2023 that allegedly exposed proprietary information and data from OpenAI’s employees.

The pattern suggests that the same group of hackers may be behind all of these attacks or that the perpetrators are copying each other’s successful tactics and consider the firm an easy target.

Crypto scams that use impersonation and hacked social media accounts have proliferated lately. The reason is perhaps lax security measures adopted by celebrities and high-profile individuals.

Some of the most recent and most prominent examples include two members of the Trump family, Tiffany and Lara, who had their X accounts hacked as well to promote a fake token that was supposedly linked to a widely-awaited crypto project associated with the Trump Organization.

Back in 2020, several high-profile X accounts were targeted and successfully breached including the ones owned by these individuals:

  • Joe Biden
  • Kanye West
  • Michael Bloomberg
  • Barack Obama
  • Bill Gates

According to statistics from the Federal Bureau of Investigation (FBI), Americans lost $5.6 billion due to crypto scams in 2023 – a 45% increase compared to 2022. Meanwhile, the FTC has warned that 2024 will be as devastating as prior periods as “pig butchering” scams have become popular among cybercriminals.

Cybersecurity Experts Blast OpenAI for Its Lax Security Measures

Cybersecurity experts have criticized OpenAI’s security practices, as these breaches point to severe weaknesses in its internal policies and lax measures. They claim that the company is either failing to enforce best practices like the use of multi-factor or two-factor authentication (2FA) or is being targeted by a sophisticated social engineering campaign.

Tanishq Mathew Abraham, Research Director for StabilityAI, expressed his frustration on X by stating: “OpenAI has a real problem!! This is just two days after Jason Wei’s (researcher at OpenAI) account got hacked! Why haven’t they just told everyone at OpenAI to turn on 2FA for Twitter?! This keeps happening.”

Meanwhile, others have pointed out that these weaknesses could come from X and not OpenAI. However, the frequency with which the latter has been successfully targeted calls into question whether it is being careless with keeping its communication channels safe.

It is perhaps bad enough that their employees are being targeted but having an institutional profile hacked calls into question the firm’s internal safety protocols.

These recurring security incidents have the potential to significantly impact OpenAI’s reputation and erode the public’s trust in the company’s ability to secure sensitive information.

Privacy and transparency have been constant talking points among regulators who believe that the company needs to be held accountable for the information it collects from users who use its advanced AI software.

Lessons to Learn from the OpenAI Newsroom’s X Account Hack

The OpenAI hack is a reminder of the importance of implementing robust cybersecurity measures in the digital age. Organizations should enforce strong security protocols, including mandatory 2FA for all accounts, and conduct regular security audits and penetration testing to protect their systems from catastrophic breaches.

Cybersecurity training for all employees is also regularly advised by experts along with developing incident response plans.

Individuals should always enable two-factor authentication (2FA) on social media and other online accounts, be skeptical of unsolicited contacts, and verify information through official channels before taking any action. It is also inadvisable to connect cryptocurrency wallets to unfamiliar or suspicious websites.

The hack of OpenAI’s press account on X highlights the persistent threat of cryptocurrency scams. These incidents have dramatically affected both individuals and organizations in the past four years and have managed to siphon billions from their wallets.

As AI continues to shape the future of technology, ensuring the security and integrity of the systems owned and operated by companies like OpenAI is crucial to reducing the potential for harm to consumers.

In Europe, OpenAI has been scrutinized by data privacy watchdogs from Italy and Austria while an inquiry has been opened in the United Kingdom to investigate how the company handles and uses the data from individuals who subscribe to their services.

Future regulations will need to balance innovation with security concerns. As these technologies become more integrated into people’s daily life, there will be an increasing need for public education about cybersecurity risks and best practices.