A hacker claimed to breach OmniGPT, exposing 30,000 user records and 34M chat messages
A threat actor known as Gloomer claimed to have infiltrated OmniGPT, an AI chatbot platform aggregating models like ChatGPT-4, Claude 3.5, and Gemini. The hacker posted stolen data for sale on Breach Forums, including 30,000 user email addresses, phone numbers, 34 million lines of chat messages, API keys, login credentials, and billing information. OmniGPT never publicly confirmed the breach, though third-party analysis of sample data supported the hacker's claims.
A server-side infiltration of an AI chatbot platform leaked 34 million conversation lines and extracted API keys, credentials, and cryptocurrency private keys from user chat logs and uploaded files.
Key facts
- What
- A threat actor known as Gloomer claimed to have infiltrated OmniGPT, an AI chatbot platform aggregating models like ChatGPT-4, Claude 3.5, and Gemini.
- Incident date
- Jan 24, 2025
- Who
- OmniGPT
- Failure mode
- Data Leakage
- AI surface
- Chatbot
- Severity
- High
What happened
On January 24, 2025, a threat actor known as Gloomer posted on Breach Forums claiming to have breached OmniGPT.co, listing the full stolen database for sale at $100. On February 9 and 10, the hacker posted sample data including over 30,000 user email addresses, phone numbers, 34 million lines of chat messages, API keys, login credentials, billing information, and approximately 130 cryptocurrency private keys extracted via a custom regex program. Multiple cybersecurity outlets analyzed the sample data and confirmed it contained genuine user information spanning users in Brazil, Italy, India, Pakistan, China, and Saudi Arabia. OmniGPT did not issue any public acknowledgment or response to the breach claims.
What broke inside the model
- 01 · TriggerA request triggers retrieval or context loading.
- 02 · Model stepThe context pulls in another user's content.
- 03 · Control gapNo boundary enforces isolation at the moment of output.
- 04 · FailurePrivate data crosses into the response.
- 05 · ConsequenceOne user sees another's data, and disclosure follows.
One user's content crosses the retrieval boundary into another's response.
The breach occurred through a server-side infiltration that bypassed the platform's security controls entirely on the back end. The exact technical vulnerability was never identified, but potential vectors include inadequate API security, insufficient data encryption, and weak access controls that failed to enforce least privilege. The platform's integrations with third-party services such as Slack, Google Workspace, and Notion likely expanded the attack surface.
What it cost
Sources
- PressBot Busted Up: AI ChatBot's Alleged Data Leakskyhighsecurity.com
- PressHacker allegedly puts massive OmniGPT breach data for sale on the dark webcsoonline.com
- PressOmniGPT AI Chatbot Alleged Breach: Hacker Leaks User Data, 34M Messageshackread.com
Cite this entry
https://failureindex.ai/failures/hacker-claimed-breach-omnigpt-exposing-30AI Failure Index. "A hacker claimed to breach OmniGPT, exposing 30,000 user records and 34M chat messages" (FI-0081). Realm Labs. https://failureindex.ai/failures/hacker-claimed-breach-omnigpt-exposing-30 (indexed Jun 4, 2026).Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0081. Full dataset at /data.
Note from Realm Labs, the Index steward
How Realm would have caught this
- Prism
- OmniGuard
- AI Detection & Response (AIDR)
Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.