OpenAI bans paying developer who reported credential hijack with 7 months of proof
A paying subscriber who meticulously documented a seven-month credential hijack was banned instead of helped—revealing a dangerous asymmetry in how AI companies handle security incidents.
A paying ChatGPT Plus subscriber since January 2025 detailed a systematic breakdown of their workspace starting October 2025, with total failure by November 2025. OpenAI acknowledged in case 06830839 that the account had persistent issues across tools, memory, personalization, and project files. The user submitted 20 support tickets over seven months with technical diagnostics and replication steps, but received no resolution.
- OpenAI's response to a documented seven-month hijack—banning the victim after 20 tickets—signals a systemic failure in support escalation for paying users.
- Credential hijacks on AI platforms risk exposing sensitive data stored in memory and personalization features, raising privacy and intellectual property concerns.
- Regulators (e.g., under the EU Digital Services Act) may soon consider account termination transparency as a compliance requirement for AI services.
Why It Matters
AI subscription growth depends on trust; opaque support and security gaps could drive power users to competitors with better safeguards.