[heyzk]

I'm curious about the logistics here, what's preventing OAI from obtaining a copy and invalidating those credentials?

[jackdh]

Likely cheaper just to force everyone to change their password on login.

[Gigachad]

That would be pointless since the malware could just grab the new credentials.

[I_am_tiberius]

OpenAI is run like a YC company. That means they do everything not to distract the user from the core workflow. I think privacy and security are just very low priority to them.

[somsak2]

Are YC-associated companies known for disregarding privacy and security? Haven't heard much about breaches / violations from their toplist https://www.ycombinator.com/topcompanies/valuation

[flangola7]

What is a YC company?

[jazzkingrt]

wouldn't that reward the seller, and still be potentially costly for OpenAI?

[cafeinux]

Any security researcher wanting to analyze the data (or Troy Hunt wanting to add it to haveibeenpwnd.com) will imply someone rewarding the seller, that's inevitable. The sooner, the less the seller can make on this data.