A recent report by Group-IB, a prominent cybersecurity company based in Singapore, has drawn attention to a concerning issue: the compromise of OpenAI ChatGPT user accounts. The report reveals that a significant number of ChatGPT credentials surfaced on various dark web marketplaces between June 2022 and May 2023.
In their investigation, Group-IB discovered a staggering 101,134 infected devices that contained stealers specifically designed to harvest and store ChatGPT login information. These compromised devices acted as a gateway for cybercriminals to access and exploit the associated ChatGPT accounts. Notably, the highest number of affected accounts was identified in India, indicating a concentrated impact within the country.
This breach has raised alarm bells due to the widespread popularity of ChatGPT and its super-intelligent capabilities. With millions of people signing up for the service globally, the revelation of compromised credentials is a cause for concern. The incident highlights the importance of robust cybersecurity measures and the constant vigilance required to protect user data in an increasingly interconnected world.
OpenAI, the organization behind ChatGPT, will undoubtedly be taking this breach seriously, working to mitigate the impact and reinforce the security of their platform. Users are urged to be cautious and take proactive steps to protect their accounts, such as enabling two-factor authentication, regularly updating passwords, and staying informed about potential security risks.
Overall, this incident serves as a stark reminder of the ongoing battle between cybercriminals and cybersecurity experts, emphasizing the need for constant innovation and resilience in safeguarding sensitive user information in the digital age.
According to Group-IB’s threat intelligence platform, a significant number of compromised ChatGPT credentials were discovered in the logs of info-stealing malware, which were being traded on dark web marketplaces over the past year. By May 2023, the logs containing compromised ChatGPT accounts had reached a total of 26,802. Notably, a majority of these compromised credentials belonged to users in the Asia-Pacific region.
In recent months, the adoption of ChatGPT has been on the rise, with professionals from various fields utilizing the chatbot to enhance their productivity, software development, and business communications. Since ChatGPT retains the history of user queries and responses, unauthorized access to these accounts could potentially expose confidential and sensitive information. This poses a significant risk, as cybercriminals could exploit such data to target companies and their employees for various malicious purposes.
Group-IB’s report highlights the widespread popularity of ChatGPT within dark web communities, indicating that it has become a sought-after target for cybercriminals. The presence of compromised credentials on the dark web emphasizes the importance of robust security measures to protect sensitive user data and safeguard against unauthorized access.
As more professionals and businesses rely on AI-powered chatbots like ChatGPT, it becomes imperative for both users and service providers to remain vigilant and implement strong security practices. OpenAI and other organizations offering similar services need to continually enhance their security protocols to protect user accounts and prevent unauthorized access to sensitive information.
What is info-stealing malware?
Info stealers are a type of malicious software designed to gather sensitive information stored in web browsers, including cookies, browsing history, bank card details, cryptocurrency wallet information, and more. Once running on an infected computer, these programs extract data from the installed browsers and send it to the operator behind the malware.
In addition to browser data, info stealers can also collect sensitive information from instant messengers, emails, and other sources on the victim’s device. They operate indiscriminately, infecting many computers at once through phishing or other deceptive techniques in order to maximize the data collected.
Group-IB reports that info stealers have become increasingly prominent in the realm of personal data gathering due to their effectiveness. The information gathered by these malware programs is compiled into logs, which are subsequently traded on dark web marketplaces. These logs often include not only the stolen data but also the IP addresses of the compromised hosts, further enhancing their value in underground markets.