Hackers Allegedly Claiming Breach OmniGPT, 30,000+ User Accounts Exposed
Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users. The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions. A post on a hacking forum by a user named “Gloomer” claims responsibility for the breach, raising serious concerns about data […] The post Hackers Allegedly Claiming Breach OmniGPT, 30,000+ User Accounts Exposed appeared first on Cyber Security News.

Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users.
The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions.
A post on a hacking forum by a user named “Gloomer” claims responsibility for the breach, raising serious concerns about data security in AI-driven platforms.
Details of the Leak
The breach was first disclosed on February 9, 2025, when “Gloomer” posted on a popular hacking forum with details of the alleged compromise.
The post boasted access to all messages exchanged between users and the chatbot, along with links to files uploaded by users. Screenshots from the post revealed samples of leaked data, including:
- Email addresses: A list of user email addresses was shared in plaintext.
- Phone numbers: Some records included associated phone numbers.
- Uploaded files: Links to sensitive user-uploaded documents stored on Google Cloud Storage were exposed. Examples include .docx and .pdf files containing potentially confidential information.
- Chat logs: Conversations between users and the chatbot were also part of the leak. These logs contained sensitive queries and responses that could reveal personal or financial information.
One excerpt from the leaked data shows API request details with references to the OmniGPT application endpoint (https://app.omnigpt(.)co/).
The exposed API request headers and payloads indicate potential vulnerabilities in how OmniGPT handles user sessions and authentication.
The snippet suggests that OmniGPT’s API might have been exploited via Cross-Origin Resource Sharing (CORS) misconfigurations or improper session management.
Additionally, the inclusion of credentials indicates that user authentication tokens may have been captured during the attack.
Potential Implications
The breach poses significant risks for affected users. Exposed chat logs could contain sensitive information such as financial data, private conversations, or even credentials inadvertently shared with the chatbot.
The availability of uploaded files further exacerbates privacy concerns, as these documents may include personal or corporate data.
As of now, OmniGPT has not issued an official statement regarding the breach. Users are advised to take immediate precautions by changing their passwords and monitoring their accounts for suspicious activity.
Users are urged to remain vigilant and exercise caution when interacting with AI systems until more robust safeguards are implemented industry-wide.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Hackers Allegedly Claiming Breach OmniGPT, 30,000+ User Accounts Exposed appeared first on Cyber Security News.