Over 100K ChatGPT Account Credentials Compromised & Sold on Dark Web, India Leads with 12,632 Stolen Credentials.

Continue reading

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been
Cybersecurity experts have recently made a shocking discovery revolving around ChatGPT. They have identified 101,134 devices infected with info stealers that contained compromised ChatGPT account credentials. These compromised credentials were found in the info-stealing malware logs traded on illicit dark web marketplaces over the past year. The logs containing compromised ChatGPT accounts peaked at 26,802 in May 2023, signaling the extent of this alarming issue. Notably, the Asia-Pacific (APAC) region has been hit hardest, with the highest concentration of ChatGPT credentials being offered for sale. Among the countries in the region, India alone accounts for a significant 12,632 stolen credentials.
In today's digital landscape, more & more employees are integrating Generative AI-driven Chatbots like ChatGPT into their workflows. Whether optimizing software development or facilitating business communications, ChatGPT has become an indispensable tool for all. However, what many users may not realize is that ChatGPT stores the entire history of user queries and AI responses. This means that if unauthorized individuals gain access to ChatGPT accounts, confidential and sensitive information may be exposed. This can then be exploited for targeted attacks against both companies and employees. Disturbingly, Group-IB's latest findings reveal that ChatGPT accounts have gained significant popularity within underground communities, making them attractive targets for cybercriminals.
Group-IB's analysis of underground marketplaces has revealed that the infamous Raccoon info stealer has breached a majority of ChatGPT account logs, followed by Vidar & RedLine.
This finding highlights the growing popularity of ChatGPT and the consistent increase in compromised ChatGPT accounts witnessed by the Group-IB Threat Intelligence team throughout the past year.
Info stealers are a type of malware developed to extract various forms of sensitive data from infected computers. They target credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history, and more. These info stealers are not selective; their goal is to infect as many computers as possible, collecting as much data as they can. They accomplish this through phishing attacks or other means. Due to their simplicity and effectiveness, info stealers have emerged as a major source of compromised personal data. Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces. These logs often include additional details, such as lists of domains found in the log and the compromised host's IP address.
Through thorough analysis, Group-IB's Threat Intelligence unit has identified the countries and regions with the highest concentration of devices infected with stealers that contain saved ChatGPT credentials. Between June 2022 and May 2023, the Asia-Pacific region accounted for a significant percentage of ChatGPT accounts stolen by info stealers, reaching 40.
5%. Apart from India, other countries with a notable number of compromised ChatGPT credentials include Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh.
Dmitry Shestakov, the head of threat intelligence at Group-IB, expressed concerns about the situation:_"Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT's standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials."_ To mitigate the risks associated with compromised ChatGPT accounts, Group-IB strongly advises users to update their passwords regularly and implement two-factor authentication (2FA). By enabling 2FA, users must provide an additional verification code, usually sent to their mobile devices, before accessing their ChatGPT accounts.
This discovery of over 100,000 compromised ChatGPT account credentials being sold on dark web marketplaces, with India alone accounting for 12,632 stolen credentials, raises serious concerns about how and what types of data are being exchanged that raises security risk related to personal & sensitive information. The growing popularity of ChatGPT, coupled with the increasing use of info stealers by cybercriminals, necessitates more robust security measures. By following password best practices, implementing 2FA, and staying informed about emerging cyber threats, users can be crucial in protecting their accounts and mitigating the risks associated with compromised credentials. Ultimately, it is the collective responsibility of users, enterprises, and cybersecurity experts to ensure a safer digital environment.

Hackers exploited a four-year-old credential in Klue's systems to steal customer data, impacting LastPass and several cybersecurity firms in a supply chain breach