The access data of ChatGPT users is used more and more frequently.
From June 2022 to May 2023, more than 101,000 login credentials for the popular AI-powered chatbot ChatGPT were sold in various darknet markets. This is reported by the cybersecurity company Group-IB.
On June 20, Group-IB tweeted that, based on their findings, “the Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale.”
Regarding European countries, France had the largest amount of intervened data, around 3,000, while in Germany there are about 1,500.
Group-IB identified the countries and regions with the highest concentration of stealer-infected devices with saved #ChatGPT credentials. The top three countries are India, Pakistan, and Brazil.
Group-IB’s Insights
Group-IB recalled that ChatGPT accounts can be created directly through OpenAI or the use of existing Google, Microsoft, or Apple logins. In this case, requests and chat history are saved by default.
The experts warned that sensitive information available to third parties could be used to launch attacks against companies or individuals. In this regard, users have been advised to update passwords regularly and use two-factor authentication to protect accounts.
Chat GPT Dark Web
It appears that the ChatGPT account credentials were stolen via “infostealers” (a generic name for Trojan-type malicious software). As with sites, exchanges, and other objects and sites in the interconnected virtual space, accounts in artificial intelligence (AI) systems are also targets for attacks.
Infostealers are a type of malware designed to collect and steal sensitive information from infected systems. Hence, exactly 101,143 attacked ChatGPT accounts are at risk.
These malicious programs infect computers to steal access credentials and, thus, have access to highly sensitive information, such as banking, credit cards, and even browsing histories. They can work for a relatively long period of time, collecting sensitive user information without the user noticing it.
Infostealers infect as many computers as possible through phishing or other means in order to collect as much data as possible, which is then offered to cybercriminals on the so-called dark web.
The security firm Group-IB has detected all the accounts that have been “put up for sale” in such a dark market.
The observation, as pointed out above, has covered a year, from June 2022 to May 2023. In this last month, the largest number of accounts have been affected, which seems to correspond with the greatest use of ChatGPT.
Further analysis has revealed that most of the records containing ChatGPT accounts have been obtained through malware that steals valuable information and credentials, such as Raccoon (78,348), followed by Vidar (12,984) and RedLine (6,773).
By Audy Castaneda
