Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Entities

Microsoft Azure OpenAI Service

Incidents involved as Deployer

Incident 9561 Report
Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

2025-02-28

A dataset used to train large language models allegedly contained 12,000 live API keys and authentication credentials. Some of these were reportedly still active and allowed unauthorized access. Truffle Security found these secrets in a December 2024 Common Crawl archive, which spans 250 billion web pages. The affected credentials could have been exploited for unauthorized data access, service disruptions, financial fraud, and a variety of other malicious uses.

More

Incidents implicated systems

Incident 9555 Report
Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

2024-12-19

A global cybercrime network, Storm-2139, allegedly exploited stolen credentials and developed custom tools to bypass AI safety guardrails. They reportedly generated harmful deepfake content, including nonconsensual intimate images of celebrities, and their software is reported to have disabled content moderation, hijacked AI access, and resold illicit services. Microsoft disrupted the operation and filed a lawsuit in December 2024, later identifying key members of the network in February 2025.

More

Related Entities
Other entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.
 

Entity

Unidentified Storm-2139 actor from Illinois

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Unidentified Storm-2139 actor from Florida

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Storm-2139

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Ricky Yuen (cg-dot)

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Phát Phùng Tấn (Asakuri)

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Arian Yadegarnia (Fiz)

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Alan Krysiak (Drago)

Incidents involved as both Developer and Deployer
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Victims of deepfake abuse

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

OpenAI

Incidents involved as both Developer and Deployer
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Microsoft

Incidents involved as both Developer and Deployer
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

celebrities

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Azure OpenAI customers

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

AI service providers

Incidents Harmed By
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Proxy and credential abuse networks

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Generative AI platforms

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Content moderation systems

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Azure Abuse Enterprise

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

API authentication mechanisms

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

AI safety guardrails

Incidents implicated systems
  • Incident 955
    5 Reports

    Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

More
Entity

Common Crawl

Incidents involved as both Developer and Deployer
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

AWS

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Slack

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Mailchimp

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Google

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Intel

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Huawei

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

PayPal

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

IBM

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Tencent

Incidents Harmed By
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Common Crawl dataset (December 2024 archive)

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Microsoft Copilot

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Google Gemini

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

Anthropic Claude

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

ChatGPT

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

xAI Grok

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

DeepSeek

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More
Entity

LLMs trained on compromised data

Incidents implicated systems
  • Incident 956
    1 Report

    Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

More

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • 9427ecd