Over 101,100 ChatGPT account credentials sold on dark web
Over 101,100 ChatGPT account credentials have been hijacked and are available for sale on criminal dark web marketplaces, according to Group-IB.
The compromised ChatGPT account credentials were identified in information stealer logs offered for sale in the criminal underground between June 2022 and May 2023, according to the analysis. The number of available logs containing compromised ChatGPT accounts peaked in May 2023, at 26,802 records.
According to the analysis, the Asia-Pacific region had the highest concentration of ChatGPT credentials for sale, with India alone accounting for 12,632 stolen credentials. Apart from India, considerable numbers of compromised ChatGPT credentials were found in Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh.
Group-IB disclosed that the majority of the compromised ChatGPT account credentials were obtained by Raccoon, an information stealer that apparently compromised 78,348 accounts. Vidar was responsible for 12,984 compromised credentials, with RedLine accounting for 6,773.
It also underlined that employees use ChatGPT to support their work, and that unauthorized access to the accounts might expose sensitive information that can be used in targeted attacks. As a result, Group-IB stated that it monitors the dark web and cybercriminal forums, and it provides firms with a collection of data that aids in the identification of compromised credentials and enables proactive cyber risk reduction.
Dmitry Shestakov, head of threat intelligence at Group-IB, highlighted the potential dangers, stating that “Many enterprises are integrating ChatGPT into their operational flow. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
OpenAI has clarified that the exposure is not the result of a breach of OpenAI systems but of commodity malware on users’ devices, and that it is investigating the exposed accounts. It also assured users that it follows industry best practices for authentication and authorization.
The sources for this piece include an article in TheHackerNews.