https://community.openai.com/t/google-uk-plus-pro-plan-is-being-widely-abused/1379242
To the OpenAI technical department
I am writing to formally report a serious and increasingly organized abuse of the ChatGPT Plus “first-month free trial” promotion, as well as the ChatGPT Pro subscription plan, both of which are currently being exploited through technical means in certain regions such as the United Kingdom and Japan. Based on sustained observation and analysis, certain unauthorized actors are leveraging advanced techniques to systematically intercept, manipulate, and resell promotional eligibility and subscription access at scale. This activity has evolved into a structured gray-market operation, posing significant risks to platform integrity, user security, and fair market competition.
Traffic Interception (Packet Capture): Unauthorized actors utilize packet capture tools to intercept and analyze network requests generated during the registration and activation processes of eligible users in designated regions (e.g., the UK and Japan). Through this process, critical parameters—such as subscription identifiers, regional markers, and promotional eligibility tokens—are extracted.
Credential Extraction and Reverse Engineering: By analyzing API responses and validation logic, these actors identify key fields governing trial eligibility and subscription validation. This enables them to extract and reconstruct credentials in a transferable or reusable form.
Cross-Account Reuse and Credential Replay (“Rebinding”): The extracted eligibility credentials are reused or replayed across different accounts by modifying request parameters or reissuing intercepted requests. This allows promotions or subscription states—originally restricted to specific regions and user conditions—to be applied to other accounts, including those outside eligible regions or with prior subscription history.
Extension to Paid Subscription Abuse (ChatGPT Pro): In addition to the abuse of free trial eligibility, similar techniques are reportedly being applied to the ChatGPT Pro subscription plan. Unauthorized actors appear to exploit intercepted or manipulated subscription flows to provide access to Pro-level services at artificially low prices, further amplifying market distortion and platform risk.
Commercialization and Gray-Market Distribution: These unlawfully obtained and reused trial entitlements and subscription accesses are subsequently packaged and sold through third-party platforms, social media channels, or private transactions at significantly discounted prices, forming a profit-driven gray-market ecosystem.
This behavior introduces multiple layers of risk and adverse impact:
Violation of Platform Policies and Compliance Standards: These actions clearly bypass the intended constraints of both promotional offers and paid subscription models, undermining enforcement of terms such as regional eligibility, first-time use, and non-transferability.
Distortion of Market Pricing Structures: Artificially low resale prices disrupt both trial conversion funnels and standard subscription pricing (including Plus and Pro tiers), compromising fair competition and revenue integrity.
User Security and Privacy Risks: Users engaging in such transactions may be required to share account credentials or undergo abnormal procedures, exposing them to account compromise, data leakage, or potential suspension.
Increased Burden on Platform Risk Control Systems: Abnormal activation patterns and fraudulent subscription behaviors may strain detection systems and degrade overall service reliability.
Indication of Underlying System Vulnerabilities: The feasibility of such exploitation suggests potential weaknesses in eligibility binding, token validation, subscription state verification, and anti-replay protections.
To mitigate and prevent further abuse, the following actions are recommended:
Strengthen Credential and Subscription Binding Mechanisms: Bind trial eligibility and subscription states to multiple factors, including account ID, device fingerprint, payment profile, and geolocation data. Implement one-time-use tokens and stricter session validation.
Enhance API Security and Anti-Replay Protections: Introduce robust request-signing mechanisms (e.g., dynamic signatures, timestamps, nonce validation) to prevent intercepted requests from being reused.
Reinforce Regional and Eligibility Verification: Apply multi-layer verification for regional eligibility (IP address, billing information, Google account region, etc.), and flag anomalous cross-region activities.
Upgrade Anomaly Detection and Risk Control Systems: Deploy advanced monitoring models to detect abnormal trial activation and subscription patterns, including high-frequency activations and cross-account irregularities.
Crack Down on Unauthorized Resale Channels: Identify and penalize accounts and entities involved in resale activities, and collaborate with relevant platforms to remove illicit listings.
Improve User Awareness and Risk Communication: Clearly inform users about the risks associated with purchasing services from unofficial channels.
In light of the above, I respectfully urge OpenAI to:
Conduct a comprehensive technical audit and security review of both trial and subscription systems (including Plus and Pro tiers);
Promptly identify and remediate any existing vulnerabilities;
Investigate and eliminate ongoing abuse activities at scale;
Enforce strict penalties against accounts and entities engaged in such misconduct;
Continuously enhance risk control mechanisms to prevent recurrence.
This issue not only threatens the stability of the platform’s commercial model but also directly impacts user trust and brand integrity. Swift and decisive action is essential to restore fairness, ensure compliance, and maintain a secure and transparent service environment.
Thank you for your attention to this matter. I am willing to provide additional technical details or supporting evidence if required.
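The letter's mitigation list (one-time-use eligibility tokens bound to an account, signed requests with timestamps and nonces, anti-replay checks) can be illustrated with a small server-side model. The Python below is an added example, not code from the original post or from OpenAI; the service class, field names, key and the "hypothetical redemption endpoint" are all assumptions constructed for illustration. It shows how each control rejects a different class of reuse: an identical replayed request (nonce already seen), a request whose account field was edited (signature no longer matches), a token presented by a second account (token bound at issue time), a token presented twice (one-time use), and an old captured request (timestamp outside the allowed window).

```python
import hashlib
import hmac
import secrets
import time

# Constructed key for the example only; a real service would hold a per-client
# secret in a key-management system rather than a literal in source.
SERVER_KEY = b"example-key-not-for-production"
MAX_SKEW_SECONDS = 120  # how far a request timestamp may drift from server time


def canonical_message(account_id: str, token: str, ts: int, nonce: str) -> bytes:
    # Every binding field is covered by the signature, so editing any one of them
    # (e.g. swapping the account id) invalidates the signature.
    return f"{account_id}|{token}|{ts}|{nonce}".encode()


def sign_request(account_id: str, token: str, ts: int, nonce: str, key: bytes = SERVER_KEY) -> str:
    return hmac.new(key, canonical_message(account_id, token, ts, nonce), hashlib.sha256).hexdigest()


def build_request(account_id: str, token: str, ts: int, key: bytes = SERVER_KEY) -> dict:
    # Hypothetical client side: fresh nonce per request, then sign all fields.
    nonce = secrets.token_hex(8)
    return {"account_id": account_id, "token": token, "ts": ts, "nonce": nonce,
            "sig": sign_request(account_id, token, ts, nonce, key)}


class EntitlementService:
    """Hypothetical trial-redemption endpoint enforcing the controls above."""

    def __init__(self, key: bytes = SERVER_KEY, now=time.time):
        self.key = key
        self.now = now                  # injectable clock for testing
        self.seen_nonces: dict = {}     # nonce -> expiry (epoch seconds)
        self.tokens: dict = {}          # token -> {"account": str, "redeemed": bool}

    def issue_token(self, account_id: str) -> str:
        # The eligibility token is bound to the qualifying account when issued,
        # so it cannot later be presented by a different account.
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"account": account_id, "redeemed": False}
        return token

    def _purge_nonces(self, now: int) -> None:
        # Nonces only need to be remembered for as long as their timestamp
        # could still pass the skew check; drop the rest to bound memory.
        for n in [n for n, exp in self.seen_nonces.items() if exp < now]:
            del self.seen_nonces[n]

    def redeem(self, request: dict) -> str:
        now = int(self.now())
        self._purge_nonces(now)
        # 1. Integrity: the signature must cover exactly the fields presented.
        expected = sign_request(request["account_id"], request["token"],
                                request["ts"], request["nonce"], self.key)
        if not hmac.compare_digest(expected, request["sig"]):
            return "rejected: bad signature"
        # 2. Freshness: a captured request cannot be replayed after the window.
        if abs(now - int(request["ts"])) > MAX_SKEW_SECONDS:
            return "rejected: stale timestamp"
        # 3. Anti-replay: each nonce is accepted once within the window.
        if request["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces[request["nonce"]] = now + 2 * MAX_SKEW_SECONDS
        # 4. Binding and one-time use of the eligibility token itself.
        entry = self.tokens.get(request["token"])
        if entry is None or entry["account"] != request["account_id"]:
            return "rejected: token not bound to this account"
        if entry["redeemed"]:
            return "rejected: token already used"
        entry["redeemed"] = True
        return "ok: trial activated"


def demo() -> list:
    """Run the reuse scenarios against a fixed clock; returns the outcomes in order."""
    clock = [1_700_000_000]
    svc = EntitlementService(now=lambda: clock[0])
    token = svc.issue_token("acct-A")
    req = build_request("acct-A", token, clock[0])
    results = [svc.redeem(req)]                                   # legitimate first use
    results.append(svc.redeem(req))                               # identical replay
    results.append(svc.redeem(dict(req, account_id="acct-B")))    # field edited, not re-signed
    results.append(svc.redeem(build_request("acct-A", token, clock[0])))  # same token, new nonce
    results.append(svc.redeem(build_request("acct-B", token, clock[0])))  # token moved to another account
    results.append(svc.redeem(build_request("acct-A", token, clock[0] - 600)))  # old capture
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks matters: the signature is verified before any state is touched, so a tampered request cannot burn a nonce or a token, and the nonce is recorded before the token lookup, so a legitimate-looking request that fails the binding check still cannot be resubmitted unchanged.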
1
longxinglink OP
Also, there was a comment under the post: "Replay can be used to obtain up to 365 days (one year) of Plus/Pro accounts." That comment was later deleted by the poster.
2
dreamk 2 hours 57 minutes ago
Took a quick look; it reeks of AI translation.
Go memorize some vocabulary in your spare time, or go bite a lighter.
3
longxinglink OP @dreamk If the reporter used their own writing style they would probably get tracked down, though there are no real technical details here anyway. This UK method has been alive for several months.
Really despicable. Can't they just use it themselves quietly? Smashing the pot you eat from; I don't understand the thinking.
4
laminux29 2 hours 49 minutes ago
Paying users who notice the product getting dumber and slower will of course report every freeloading and reverse-engineering channel to protect their own interests.
5
sddyzm PRO
Someone already posted publicly how to reproduce it on the forum yesterday.
6
joshryo 2 hours 37 minutes ago
Reeks of translation... Either it's an official paying user standing up for their rights, or it's the "if I can't play, nobody gets to play" pot-smashing behavior?
7
longxinglink OP @laminux29 I think it looks more like a turf war between the relay services and the account sellers. After all, the source code for this method wasn't published on the "kid bro" forum this time, and the technical ability of those relay-running kids is as low as their moral floor.
Full-price users are unlikely to collect this much information and link it to an OpenAI account just to file a report over eight yuan; spending that time collecting bottles would earn more than that.
8
anyscript 54 minutes ago
Same thing with kiro last time. Can't beat the others, so they smash everything: the "if I'm miserable, you don't get to be happy either" attitude.
9
wang93wei 34 minutes ago