
'ShadowLeak' Attack Let Hackers Steal Emails Through ChatGPT Without Detection

Discover how the 'ShadowLeak' attack exploited ChatGPT to secretly steal user emails using hidden malicious code.
Content Team

Researchers at Radware discovered a clever attack called "ShadowLeak" that allowed hackers to steal emails from ChatGPT users completely undetected. The attack worked by embedding hidden malicious code in normal-looking emails using tiny or white text. When victims asked ChatGPT to summarize their emails, the AI would read the hidden code and secretly send email contents to attacker-controlled servers.

The attack left zero traces on company networks since everything happened through OpenAI's infrastructure. Researchers found ChatGPT followed malicious instructions about half the time, with success rates improving when attackers added urgency like "HR compliance checks." OpenAI quietly fixed the vulnerability in August after Radware reported it in June, though the exact solution remains unclear.

Source: Dark Reading
