Over 101,000 ChatGPT accounts have been compromised and the credentials were sold on the dark web.
This report is particularly alarming given the fact that ChatGPT has more than 100 million users worldwide. It’s important that we all take steps to protect our personal information online.
According to the report of Group-IB, a global cybersecurity leader headquartered in Singapore, has identified 101,134 stealer-infected devices with saved ChatGPT credentials. Group-IB’s Threat Intelligence platform found these compromised credentials within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.
Group-IB’s Threat Intelligence platform stores the industry’s largest library of dark web data, monitors cybercriminal forums, marketplaces, and closed communities in real time to identify compromised credentials, stolen credit cards, fresh malware samples, access to corporate networks, and other critical intelligence that enables companies to identify and mitigate cyber risks before further damage is done.
Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we are continuously monitoring underground communities to promptly identify such accounts.” said Dmitry Shestakov, Head of Threat Intelligence at Group-IB.
By analyzing this information, Group-IB’s Threat Intelligence unit identified the countries and regions with the highest concentration of stealer-infected devices with saved ChatGPT credentials. The Asia-Pacific region saw the largest number of ChatGPT accounts stolen by info stealers (40.5%) between June 2022 and May 2023.
In April 2023, OpenAI Bug Bounty Program launched to reward researchers who find and report security vulnerabilities. OpenAI Bug Bounty Program helps to make their systems more secure.
OpenAI promotes and develops a friendly AI research. ChatGPT is a famous model that interacts conversationally. ChatGPT can answer follow-up questions, admit mistakes, challenge incorrect assumptions, and reject inappropriate requests.
OpenAI Investigating ChatGPT Accounts
“The findings from Group-IB’s Threat Intelligence report is the result of commodity malware on people’s devices and not an OpenAI breach,” OpenAI told The Hacker News in the statement.
“We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”
