More than 101,000 hacked accounts for ChatGPT, OpenAI's language model, have been discovered on illegal dark web markets. These hacked credentials were found in the logs of information-stealing malware that are sold on these underground marketplaces. Reports indicate that there were 26,802 logs accessible in May 2023, all of which contained hacked ChatGPT accounts.
Info stealers are a type of malware that gather information from infected machines, including cookies, browsing history, bank card information, credentials saved in browsers, and other sensitive data. This information is then sent to the malware operator. In addition to gathering information from installed browsers, hackers can also access information from emails and instant messengers.
Cyber intelligence firm Group-IB has found that most ChatGPT credentials for sale over the past year have been listed in the Asia-Pacific region. This suggests that there is a significant market for these compromised accounts in that area.
The rise of compromised ChatGPT accounts is a cause for concern, especially for businesses and their employees. Many employees use chatbots like ChatGPT to streamline their job tasks, whether it be company communications or software development. However, unauthorized access to these accounts can lead to the exposure of private and sensitive information, which can then be used to launch targeted attacks against businesses and their employees.
Dmitry Shestakov, an expert from Group-IB, explains that “given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.” This highlights the importance of securing these accounts and limiting access to sensitive information.
A significant number of the logs containing ChatGPT accounts were harvested by the notorious Raccoon information stealer. The domain lists found in these logs and the information about the compromised host's IP address give additional detail on the logs available on dark web markets.
Between June 2022 and May 2023, the Asia-Pacific region had the highest percentage (40.5%) of compromised ChatGPT accounts. This indicates that businesses and individuals in this region should be particularly vigilant in protecting their accounts and sensitive information.
To mitigate the risk of data breaches, it is recommended to disable the chat saving option on the ChatGPT platform or manually delete chat logs after using the service. Even if discussions are not saved to the ChatGPT account, malware infections can still result in data leaks through screenshots or keylogging. Therefore, it is advisable for those handling sensitive data to use locally built and securely hosted solutions rather than relying on cloud-based services.
The discovery of over 101,000 compromised ChatGPT accounts underscores the urgent need for increased cybersecurity measures and awareness. Businesses and individuals must remain vigilant in protecting their accounts and sensitive information from malicious actors on the dark web.
