Fake OpenAI Organization Invitations Used to Steal Corporate Data

Attackers exploit OpenAI's organization invite system to create poisoned tenants that harvest sensitive prompts, API activity, and corporate data from unsuspecting employees.

CSBadmin
2 Min Read

Attack Method

Hackers are exploiting OpenAI’s organization invitation system to carry out a “poisoned tenant” attack. Security researchers at Push Security discovered that attackers created a fake organization using a real company name and sent legitimate looking invitations through OpenAI’s official notification system. These emails passed all authentication checks and appeared identical to genuine collaboration requests, with the only subtle clue being a mismatch between the inviter’s domain and the recipient’s corporate domain.

Once a recipient clicks the invitation link, their account is instantly linked to the attacker controlled tenant with a single click and no additional verification. The attackers impersonated company executives and granted all invited users Owner privileges with full administrative access. They also added a credit card to the account to remove friction and avoid suspicion.

Impact and Scope

The primary goal is long term data harvesting rather than immediate credential theft. If employees begin using the compromised organization for work, any prompts entered, data uploaded, or API usage becomes visible to the attackers. This could expose source code, internal documents, security research, and customer information. Researchers warn that attackers could escalate access by sharing malicious chats, injecting harmful prompts, or abusing third party integrations, potentially leading to data exfiltration and lateral movement across connected services like email and cloud storage.

This campaign is part of a broader trend where threat actors weaponize trusted SaaS platforms as attack vectors. Similar abuse has been observed across OpenAI, GitHub, and Jira, where attackers embed malicious content into platform generated notifications. Because these messages originate from legitimate domains, they bypass many traditional security controls. Organizations must improve visibility into SaaS usage, monitor which external tenants employees join, and educate users that even authentic platform emails can carry security risks.

Source: Cyber Security News

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.