
Over 100,000 ChatGPT Account Credentials Leaked


Aiyub Dawood


In an era where technology plays an increasingly pivotal role, ensuring online security has become a paramount issue for internet users across the globe. ChatGPT, OpenAI’s AI-powered chatbot, is one platform that has seen a rise in popularity. However, the security of ChatGPT has come under scrutiny, with concerns raised about the potential compromise of user accounts.

Massive Leak Exposes Over 100,000 ChatGPT Account Credentials

Quick facts:

  • Over 100,000 ChatGPT user credentials were compromised and traded on the dark web.
  • Information stealer logs reveal a peak of 26,802 compromised ChatGPT accounts in May 2023.
  • Raccoon, Vidar, and RedLine are among the main information stealers responsible for breaches.

In a shocking development, more than 100,000 user credentials for OpenAI’s ChatGPT platform have been compromised and traded on illicit dark web marketplaces, according to a report by cybersecurity firm Group-IB.

The leak, which occurred between June 2022 and May 2023, has put the sensitive data of ChatGPT users at risk, with India alone accounting for a staggering 12,632 stolen accounts.

The report revealed that these compromised credentials were discovered within information stealer logs that were made available for sale on the cybercrime underground.

Group-IB’s findings disclosed that the number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023, indicating the alarming scale of the breach.

The Asia-Pacific region has been identified as the epicenter of this cybercrime spree, with the highest concentration of ChatGPT credentials being offered for sale over the past year.

Alongside India, countries such as Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh also reported significant numbers of compromised accounts.

Info Stealers Target OpenAI ChatGPT Users

Group-IB’s analysis further revealed that the majority of these breaches were attributed to three notorious information stealers: Raccoon, Vidar, and RedLine.

Raccoon was responsible for compromising a staggering 78,348 ChatGPT accounts, followed by Vidar with 12,984 and RedLine with 6,773.

Information stealers have gained popularity among cybercriminals due to their ability to hijack sensitive data, including passwords, cookies, credit cards, and cryptocurrency wallet extensions, from web browsers.

These stolen credentials are actively traded on dark web marketplaces, providing a gateway for launching follow-on attacks using the acquired information.

ChatGPT, which is widely adopted by enterprises, poses a significant risk if account credentials fall into the wrong hands. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials,” warned Dmitry Shestakov, head of threat intelligence at Group-IB.

To safeguard against account takeover attacks, users are advised to follow password hygiene best practices and secure their accounts with two-factor authentication (2FA).

This breach comes amid an ongoing malware campaign that leverages fake OnlyFans pages and adult content lures to deliver a remote access trojan and an information stealer known as DCRat (or DarkCrystal RAT), which is a modified version of the infamous AsyncRAT.

OpenAI has yet to issue a statement regarding the breach, leaving ChatGPT users concerned about the security of their accounts and the potential exposure of sensitive information.

The incident serves as a stark reminder for both individuals and organizations to remain vigilant and take proactive measures to protect their online accounts.
