惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Palo Alto Networks Blog
Martin Fowler
Martin Fowler
T
Threatpost
D
Docker
S
Schneier on Security
M
MIT News - Artificial intelligence
G
Google Developers Blog
L
LINUX DO - 热门话题
J
Java Code Geeks
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
IT之家
IT之家
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
V
Vulnerabilities – Threatpost
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
人人都是产品经理
人人都是产品经理
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
爱范儿
爱范儿
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
C
CERT Recently Published Vulnerability Notes
The GitHub Blog
The GitHub Blog
Simon Willison's Weblog
Simon Willison's Weblog
NISL@THU
NISL@THU
MongoDB | Blog
MongoDB | Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Heimdal Security Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
P
Privacy International News Feed
P
Proofpoint News Feed
O
OpenAI News
B
Blog
腾讯CDC
F
Full Disclosure
Apple Machine Learning Research
Apple Machine Learning Research
T
Tor Project blog
H
Hacker News: Front Page
Project Zero
Project Zero
Hugging Face - Blog
Hugging Face - Blog
C
Cisco Blogs
S
Security Affairs

OpenAI

Codex 多了个宠物功能,大家都有做啥有意思的宠物 只有我这么感觉吗? codex 5.5 比 cc 4.7 速度慢了 7-10 倍。。 求助: chatGPT 网络配置问题 切换 ChatGPT 从美区到土耳其有无风险? 大家现在都是用什么办法订阅 gpt pro 的? 准备买正价的 openapi pro 5x, apple 美国店 准备 100 刀的礼品卡 够不够? 或者 120 刀? Codex 5x 5 小时额度大概能用多少 Token 呢?想对比一下中转站和官方订阅 Codex 每个会话里的 Context 满了,自动压缩总是过不去 你们 Codex 弹电话验证了吗 我最近發現 chatgpt 可以綁 apple 年付的,我也是才知道 5.5 codex 模型是不是更耗流量了...... Codex 登录需要验证手机号了 chatgpt 代充这是常规操作 还是我被坑了 GPT pro 模型(5x plan)一周大约可以用几次? 哪个国家 appstore 订阅 openai pro 5x 价格最低? plus 怎么感觉越来越不经蹬了 强如 Codex GPT 5.5 竟也会犯如此低级错误 纯免费 GPT-Image-2 AI 生图服务:限时 无需任何登录 在不考虑封号风险的情况下, GPT-5.5 vs Opus 4.7 使用体验上哪个更好? chatgpt 充值求助 现在有什么稳定订阅 Chatgpt 的方法吗 慢讯 Free 计划用户继可以用 image-2 后,今天开始可以在 codex 内调用 GPT-5.5 Codex (APP) 保姆级全攻略,海量实战教程, 一文精通 关于 xiaomi MiMo Token Plan 的套路我一一说下 Codex 额度锁死 100%,这正常吗? 我做了一个 AI 电商生图工具: 13 场景预设 + 数据全在浏览器(1 毛 6 一张) Codex 最近的更新速度搭上火箭了吗? 有没有靠谱的 GPT Pro 代充站 我的 GPT 是猫,你呢 😄 Codex 额度又重置了 ? 有没有类似 ChatGPT 这种 Agent 能力的 API qwen3.6 27b 本地编码测试 现在还有什么 gpt 账号 plus 的渠道吗?号商别再内斗了 chatgpt 充值 5x pro 前已经订阅了 plus,那 plus 的 20 刀就没了吗 免费领取 plus/team codex 使用 5.4 以上版本模型压缩上下文总失败? 各位大佬,有没有注册机可以用的,有偿 请问,调用 gpt-image-2 通过 api 的方式使用,请问用什么 app 呢? 试用的路子是也没了吗 Chatgpt 5.5 发布了 天下苦 Claude 久矣, GPT 就出招了, 5.5 目测下限是 opus 4.6 GPT 5.5 发布了 openai 发布了 gpt5.5 想要多人拼车开 gpt pro 100 刀 GPT Image2 有需求玩一下,现在怎么开 PLUS 最稳 GPT Image 2 太惊艳了,随手试了几张图 注册机 OpenAI 警告邮件: Cyber Abuse 为啥感觉 gpt 比国产模型便宜多了,是错觉吗? Copilot 用不了?突然不能用了,各位有这个问题吗 - V2EX windows 的 codex 有非商店版的么? gpt-image-2 太顶了 codex 开始灰度 GPT 5.5 了 gpt-image-2 生图确实很顶啊,附带几张生成效果。 GPT Image2 杀死 app screenshots 赛道 求怎么开 plus 啊,我的要到期了,天才程序员要陨落了 - V2EX GPT Image 2 上线了! - V2EX 额度削减后的 Plus Codex 大概是周限额 100 刀 Token 的样子 OpenAI Platform 的支付方式,只支持信用卡/借记卡支付吗? 港卡扣账卡原来不能开 gptplus 关于“AI 思考”长度 靠谱的 chatgpt plus 会员途径 ChatGPT 竟然敢阴阳怪气的:「洗你人,不洗车。」你们的这货也是这么贱贱的吗 OCBC 充值 OpenAI API Codex 周额度又刷新了,省着用的血亏 vibe coding 投毒真是一个大问题 在有完整模板的情况下, AI 生成 PPT 哪家强? 以防你不知道 Codex App 偷偷加了 SSH 远程开发功能 gpt 6.0 到底什么时候发布呀,各种新闻说明天发,怎么还没动静,隔壁 claude 都发布最新的了 deep research 生成的研究报告效果如何? 低价 GPT 到底有多少漏洞,怎么封了还有 偷偷篡改 function call 的数据,居然被 AI 察觉了😮 各大 AI 平台网页版和 api 质量有差异吗? 你的 plus 还好吗? 现在到底是什么模型强?性价比高? 低价 GPT 订阅漏洞已被捅到官方脸上 这波 GPT Codex 曝光后续的操作过于逆天 gpt-image-2 和 nano-banana-2 对比 从 X 上搬运来的白嫖 GPT Plus 教程 OpenAI GPT-IMAGE-2 提示词合集 App → CLI → App ? openrouter 使用国外模型 分享下最近低价 GPT Codex 的来源(源头) OpenAI 发布 Codex 重大更新:支持自动操作电脑与长期任务自动化 同一个 appleid 可以给不同 chatGPT 账号订阅 plus 吗? 某鱼上 codex 的价格这么便宜是否有猫腻? (真实性待验证)关于低价 GPT 账号怎么来的 目前付费订阅 chatgpt Plus 的最佳方式是什么? Chatgpt Pro 用量用不完的可以开这些设置 ChatGPT Pro 5x 套餐 量真的很足! Codex 里的 GPT5.4 也能降智?上午让它改两个问题,改了一个小时了, plus 额度用了一半了还是没改好,和前几天用的体感完全不一样。要它改的问题也不复杂。服了。 opencode 消息周知插件 OpenAI Plus 和 Team 都缩水了吗 讯飞星辰的 Coding Plan 如何? 火山云的 Coding Plan 值得买吗? Doubao-Seed-2.0-Code、Doubao-Seed-2.0-pro 这 2 个模型怎么样? - V2EX GPT-6 准备发牌了!聊聊最近折腾 Hermes-Agent 的一点心得 今日份 GPT 5.4 笑话 刚升级到 Pro 100 美金订阅,怎么还不如原先的 Plus20 耐用了 Anthropic 出了三种 Agent 架构, SDK / Teams / Managed,大家在用哪种? 昨天刚充了 10 刀 API 余额,今天就被封号了 - V2EX
[吃瓜] 有人在 Openai 论坛举报了谷歌英国 Plus 专业版计划被广泛滥用,但是并没有给出可复现的技术细节
longxinglink · 2026-04-19 · via OpenAI

https://community.openai.com/t/google-uk-plus-pro-plan-is-being-widely-abused/1379242

To the OpenAI technical department

I am writing to formally report a serious and increasingly organized abuse of the ChatGPT Plus “first-month free trial” promotion, as well as the ChatGPT Pro subscription plan, both of which are currently being exploited through technical means in certain regions such as the United Kingdom and Japan. Based on sustained observation and analysis, certain unauthorized actors are leveraging advanced techniques to systematically intercept, manipulate, and resell promotional eligibility and subscription access at scale. This activity has evolved into a structured gray-market operation, posing significant risks to platform integrity, user security, and fair market competition.

  1. Technical Methods and Operational Workflow (Key Findings) The misconduct observed extends beyond simple account reselling and demonstrates a high degree of technical sophistication. The primary methods include:

Traffic Interception (Packet Capture) Unauthorized actors utilize packet capture tools to intercept and analyze network requests generated during the registration and activation processes of eligible users in designated regions (e.g., the UK and Japan). Through this process, critical parameters—such as subscription identifiers, regional markers, and promotional eligibility tokens—are extracted.

Credential Extraction and Reverse Engineering By analyzing API responses and validation logic, these actors identify key fields governing trial eligibility and subscription validation. This enables them to extract and reconstruct credentials in a transferable or reusable form.

Cross-Account Reuse and Credential Replay (“Rebinding”) The extracted eligibility credentials are reused or replayed across different accounts by modifying request parameters or reissuing intercepted requests. This allows promotions or subscription states—originally restricted to specific regions and user conditions—to be applied to other accounts, including those outside eligible regions or with prior subscription history.

Extension to Paid Subscription Abuse (ChatGPT Pro) In addition to the abuse of free trial eligibility, similar techniques are reportedly being applied to the ChatGPT Pro subscription plan. Unauthorized actors appear to exploit intercepted or manipulated subscription flows to provide access to Pro-level services at artificially low prices, further amplifying market distortion and platform risk.

Commercialization and Gray-Market Distribution These unlawfully obtained and reused trial entitlements and subscription accesses are subsequently packaged and sold through third-party platforms, social media channels, or private transactions at significantly discounted prices, forming a profit-driven gray-market ecosystem.

  1. Risk and Impact Assessment

This behavior introduces multiple layers of risk and adverse impact:

Violation of Platform Policies and Compliance Standards: These actions clearly bypass the intended constraints of both promotional offers and paid subscription models, undermining enforcement of terms such as regional eligibility, first-time use, and non-transferability.

Distortion of Market Pricing Structures: Artificially low resale prices disrupt both trial conversion funnels and standard subscription pricing (including Plus and Pro tiers), compromising fair competition and revenue integrity.

User Security and Privacy Risks: Users engaging in such transactions may be required to share account credentials or undergo abnormal procedures, exposing them to account compromise, data leakage, or potential suspension.

Increased Burden on Platform Risk Control Systems: Abnormal activation patterns and fraudulent subscription behaviors may strain detection systems and degrade overall service reliability.

Indication of Underlying System Vulnerabilities: The feasibility of such exploitation suggests potential weaknesses in eligibility binding, token validation, subscription state verification, and anti-replay protections.

  1. Recommended Technical and Administrative Measures

To mitigate and prevent further abuse, the following actions are recommended:

Strengthen Credential and Subscription Binding Mechanisms Bind trial eligibility and subscription states to multiple factors, including account ID, device fingerprint, payment profile, and geolocation data. Implement one-time-use tokens and stricter session validation.

Enhance API Security and Anti-Replay Protections Introduce robust request-signing mechanisms (e.g., dynamic signatures, timestamps, nonce validation) to prevent intercepted requests from being reused.

Reinforce Regional and Eligibility Verification Apply multi-layer verification for regional eligibility (IP address, billing information, Google account region, etc.), and flag anomalous cross-region activities.

Upgrade Anomaly Detection and Risk Control Systems Deploy advanced monitoring models to detect abnormal trial activation and subscription patterns, including high-frequency activations and cross-account irregularities.

Crack Down on Unauthorized Resale Channels Identify and penalize accounts and entities involved in resale activities, and collaborate with relevant platforms to remove illicit listings.

Improve User Awareness and Risk Communication Clearly inform users about the risks associated with purchasing services from unofficial channels.

  1. Formal Request for Action

In light of the above, I respectfully urge OpenAI to:

Conduct a comprehensive technical audit and security review of both trial and subscription systems (including Plus and Pro tiers);

Promptly identify and remediate any existing vulnerabilities;

Investigate and eliminate ongoing abuse activities at scale;

Enforce strict penalties against accounts and entities engaged in such misconduct;

Continuously enhance risk control mechanisms to prevent recurrence.

This issue not only threatens the stability of the platform’s commercial model but also directly impacts user trust and brand integrity. Swift and decisive action is essential to restore fairness, ensure compliance, and maintain a secure and transparent service environment.

Thank you for your attention to this matter. I am willing to provide additional technical details or supporting evidence if required.

  • 滥用
  • 订阅
  • 安全

    15 条回复    2026-04-19 23:02:26 +08:00

    longxinglink

    1

    longxinglink  

    OP

       15 小时 26 分钟前

    同时,帖子下面有评论
    可以通过重放获取最多 365 天(一年)的 Plus/Pro 账户,但是这条评论被发布者删除

    dreamk

    2

    dreamk      15 小时 24 分钟前

    简单看了下,满满的 ai 翻译味儿

    没事就多背背单词,或者咬打火机

    longxinglink

    3

    longxinglink  

    OP

       15 小时 19 分钟前

    @dreamk 举报者直接用自己的文风会被追踪吧,虽然也没啥技术细节就是了,英国这个方法都活了几个月了
    真的可恶,自己用用不好么,吃饭砸锅,搞不懂这什么思路

    laminux29

    4

    laminux29      15 小时 16 分钟前

    正版用户发现产品降智与降速,当然会举报各种白嫖渠道与逆向渠道,来维护自己的权益。

    sddyzm

    5

    sddyzm  

    PRO

       15 小时 16 分钟前 via iPhone

    昨天论坛里已经有人公开怎么复现了

    joshryo

    6

    joshryo      15 小时 4 分钟前

    一股子翻译味...要么是官方付费用户维权,要么是你不想我玩那大家都别玩的砸锅行为?

    longxinglink

    7

    longxinglink  

    OP

       14 小时 34 分钟前   ❤️ 1

    @laminux29 我觉得有点像中转站和号商搞商战,毕竟这个方案的源代码这次没有在小孩哥论坛公开,那帮搞中转的小孩哥技术能力和道德下限一样低
    正价用户不太会为了八块钱去收集这么多消息还要关联 Openai 账户去举报,这个时间去捡瓶子都赚的不止这些

    anyscript

    8

    anyscript      13 小时 21 分钟前

    上次 kiro 不也是。玩不过别人就破罐子破摔 一副我不好过你也别想好过的德行

    tlerbao

    10

    tlerbao      11 小时 52 分钟前

    都是一些小孩,非常不成熟

    zerovoid

    11

    zerovoid      9 小时 4 分钟前

    官方怎么会不知道,不然风控都是哪来的,写举报信有毛用。

    intelmd

    15

    intelmd      3 小时 42 分钟前 via iPhone

    大致原理就是拦截付款成功后的 token , 但是转给新账户使用,然后再拦截再用到新账户上, 以此类推, 永动机了属于是。