#hacked API

mellow crescent
#

I made an application using OpenAIKit with SwiftUI code. I have been using it for 2 months by getting API. Yesterday hackers used all my balance from my API address. Today I deleted the API address and uploaded a new API address, then they used the balances in my new API address again. Have you experienced this problem? Where is the problem??

pale glen
#

how are you processing the api response? are you doing it within the user's session?

drowsy bridge
#

what is this doing here??

clear tendon
#

Assume they are able to read/copy everything in your GPT instructions. Also, if you are using actions, are the API calls visible in the network tab?

shadow hearth
#

First of all, it might be a good idea to shut it down while you don't know the source of your API credentials leak. Then, after that, consider contacting the OpenAI support, maybe you can get those charges reversed, but don't count on that.

#

Now, having that sorted, it will be nice for you to check some of the best practices for securing your credentials when setting up any sort of online services.

#

As a short summary of the best practices for credentials: credentials must not exist on the client side, in any shape or form. They must not be in the source code, not in a file, not temporarily in memory, even if they are encrypted in some way.
For as long as the credentials exist on the client, even for a fraction of a second, a malicious actor can extract them from your application.