The practice stems from the $20-per-month subscription cost, which pushes users to split accounts despite knowing it breaches terms of service. Security researchers at Push Security have also documented a related malvertising campaign where attackers exploit shared content features in both platforms to distribute malware. The scope of the problem remains unclear—it is unknown how many users are currently sharing accounts or how many have experienced data exposure as a result.
Attorneys should monitor this issue as it develops. The account-sharing trend exposes a gap between consumer demand for affordable AI access and corporate security architecture. As clients increasingly rely on AI assistants for sensitive work and personal information, the risks of credential sharing—data commingling, identity confusion, and malware delivery—warrant explicit guidance in client advisories and terms-of-service reviews. Expect potential regulatory scrutiny around whether platforms are doing enough to prevent unauthorized access and protect user data.