Jun 08, 2023 15:00:00

``Pirate GPT-4'' that uses GPT-4 for free and makes others pay the fee is rampant

Motherboard reported that it was confirmed that GPT-4 was used for free by

scraping OpenAI's API key, which the developer had released without realizing it, by exploiting the jointly writing service. .

People Are Pirating GPT-4 By Scraping Exposed API Keys
https://www.vice.com/en/article/93kkky/people-pirating-gpt4-scraping-openai-api-keys

If you want to use a large-scale language model such as GPT-4 at the time of article creation, you need to create an account on the OpenAI site and register a credit card. When you create an account, you will be given a unique API key for using AI, so app developers can develop apps that utilize AI by incorporating this key into their apps.

Since API keys are billed based on usage, OpenAI states on the page that describes API keys, ``Please note that API keys are confidential. or other client-side code.'

However, Motherboard has found instances where API tokens stolen from others are used to provide functionality to others for free, such as through Discord servers. Some of the stolen API keys had a usage amount of $ 1039.37 (about 140,000 yen) in June 2023. One person who goes by the handle 'Discodtehe' said on the Discord server r/ChatGPT, 'I haven't been banned from my account yet for all this mess.'

These API keys are believed to have leaked through Replit (Repl.it), an online coding platform. When Motherboard examined Discord's chat log, a message posted in March reported that 'When scraping Repl.it the other day, more than 1000 OpenAI API keys were found.'

Replit allows users to create a project called 'Repl', which is published by default. Cecilia Giniti, Replit's legal counsel and head of business development, said that Replit has a function called 'Secrets' for handling API keys, and said, 'Some people accidentally put tokens in Secrets. Instead of storing them, they are written directly into Repl's code. Users are responsible for protecting their own tokens and should not store such tokens in public code.'

Discodtehe not only scrapes API keys, but also publishes a Discord server that claims 'free access to GPT-4 and GPT-3.5-turbo'. He also said he created a site to request free access to API keys.

This site was hosted by Replit and is inaccessible at the time of article creation. When Motherboard accesses the site when access is possible, enter your email address in the input field, click the link sent by OpenAI to receive the invitation, and it seems that Discodtehe is using the billing address. I was guided to set it to the organization name 'weeeeee' that is available.

Discodtehe did not respond to Motherboard's request for comment. Also, the administrator of the Discord server used by Discodtehe said, ``Since volunteer moderators can't check all projects, we are responding by issuing a ban to users.'' .

The reaction from community members on the Discord server was mixed, with some saying that it should be stopped, while others pointed out that the topic of Google's cloud account API being stolen was rare, and said, ``Google's The API key is not stolen because Google has a better authentication process.There is also a comment saying that the mechanism of OpenAI's authentication process is also a little responsible.

An OpenAI spokesperson told Motherboard, 'We run automated scans of our large open repositories and revoke any OpenAI keys that we find. We advise users not to expose their API keys, and if users think they may have exposed their API keys, we urge them to renew their keys immediately.' .