In a startling revelation, Group-IB, a leading Singapore-based cybersecurity company, has identified more than 100,000 devices infected with compromised malware containing saved ChatGPT credentials.
(embed) https://www.youtube.com/watch?v=nN1GENQBK34 (/embed)
These compromised credentials were found in records of information-stealing malware that has been circulating on illicit dark web markets over the past year. The number of records it contains ChatGPT accounts hacked It reached a peak of 26,802 in May 2023. The Asia Pacific region has seen the highest concentration of ChatGPT credentials for sale over the past year.
ChatGPT, an AI-powered chatbot developed by OpenAI, is becoming increasingly popular among employees in various industries. It is used to improve work, from software development to business communications. By default, ChatGPT stores a history of user queries and AI responses, which, if accessed unauthorized, could reveal confidential or sensitive information.
This information can be exploited in attacks against companies and their employees. According to the latest findings by Group-IB, ChatGPT accounts have already gained quite a bit of popularity within the secret communities.
Group-IB’s Threat Intelligence platform, which claims to store the largest dark web data library in the industry, monitors cybercriminals’ forums, marketplaces, and closed communities in real time. It identifies compromised credentials, stolen credit cards, new malware samples, access to corporate networks, and other critical intelligence.
This allows companies to identify and mitigate cyber risks before more damage occurs. Group-IB’s analysis of underground markets revealed that the majority of records containing ChatGPT accounts had been compromised by the Raccoon info stealer.
Information theft is a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history, and other information from browsers installed on infected computers. Then they send all this data to the malware operator.
Hackers can also collect data from instant messengers and emails, along with detailed information about the victim’s device. Hackers operate non-selectively, infecting as many computers as possible through phishing or other means in order to collect as much data as possible. Records containing hacked information collected by information stealers are actively traded on dark web markets.
By analyzing this information, Group-IB’s Threat Intelligence Unit has identified the countries and regions with the highest concentration of hijacked infected devices with saved ChatGPT credentials. The Asia Pacific region saw the highest number of ChatGPT accounts stolen by information stealers (40.5%) between June 2022 and May 2023.
“Many companies are integrating ChatGPT into their operational flow. Employees enter confidential messaging or use a bot to improve proprietary code. Since the standard configuration of ChatGPT keeps all conversations, this could inadvertently provide a set of sensitive information to threat actors if they get access to Account credentials.
Dmitry Shestakov, Head of Threat Intelligence at Group-IB.
To mitigate the risks associated with hacked ChatGPT accounts, Group-IB advises users to update their passwords regularly and implement two-factor authentication (2FA). By enabling two-factor authentication (2FA), users are required to provide an additional verification code, usually sent to their mobile device, before accessing their ChatGPT accounts.