search

lencx / ChatGPT

🔮 ChatGPT Desktop Application (Mac, Windows and Linux)
https://nofwl.com
52.83k stars 5.95k forks source link

[Security] #850

Open reconrad48 opened 1 year ago

reconrad48 commented 1 year ago

Description

I believe this ChatGPT desktop app has been compromised.

Motivation

Unauthorized API usage on my account/maxed out quota... dual chatGPT apps open at the same time, but one was a customized mini-interface designed to run on the low in system tray. Unable to log-out. Kept running in the background even after killing it. Uninstall, change your openAI password, and revoke all of your APIs... create new ones.

Alternatives

No response

Additional context

Unfortunately no, because once I realized it was compromized, I got rid of it.

BullishQuants commented 1 year ago

Yeah dude this app is tweaken I have it in a vm rn. I should put it in a sandboxed environment with a tls interception proxy just to see what those cute little packets are up to

reconrad48 commented 1 year ago

You do realized that if the app has been fully hacked, that the hackers have your OpenAI login credentials right?

Igbalode0 commented 1 year ago

I suggest you message #corbenleo he's an expert in recovery of banned, hacked and deleting of cloned account. message him His referral link 👇👇👇 https://www.facebook.com/profile.php?id=100088858426470&mibextid=LQQJ4d

reconrad48 commented 1 year ago

I would suggest only contacting OpenAI if you've had a security breach. No-one else.

JiveyGuy commented 1 year ago

I suggest you message #corbenleo he's an expert in recovery of banned, hacked and deleting of cloned account. message him His referral link 👇👇👇 https://www.facebook.com/profile.php?id=100088858426470&mibextid=LQQJ4d

Did not expect this level of spam on github, are we turning into youtube comments?

asheroto commented 1 year ago

This application does NOT use the API. It is essentially a web browser with extra features geared towards ChatGPT. Therefore the issue you are facing is not related to this program.

If an application requests your API key, you should of course be cautious. But since this application simply shows chat.openai.com in a Windows desktop and enhances it, there is no compromise here. You can verify this yourself by right-clicking on the program and clicking Inspect and you will see the URL at the top of the DevTools window. 😊

Do you mind please closing the issue?