Cybersecurity researchers have found tens of thousands of devices storing Chatgpt credentials that have been infected with info-stealing malware. The account details have ended up being sold on the dark web, they said, pointing out that the Asia-Pacific leads by number of such offers.
Increase of Compromised Accounts Testifies to the Growing Popularity of Chatgpt, Experts Say
Singapore-based cybersecurity firm Group-IB has identified 101,134 stealer-infected devices with saved Chatgpt credentials over the past year. The compromised accounts were found within the logs of info-stealing malware traded on darknet markets thanks to its Threat Intelligence platform which monitors such marketplaces and stores a library of dark web data.
The logs reached a high of 26,802 in May 2023, with the Asia-Pacific region seeing the highest number of Chatgpt credentials being put up for sale during the studied period — 40.5% of the stolen accounts between June 2022 and May 2023. The authors of the report noted that the increase of these offerings is an indication of the growing popularity of the chatbot.
Developed by the Microsoft-funded artificial intelligence (AI) research laboratory Openai, Chatgpt was launched in November 2022 and has been finding applications in different fields. Group-IB underscored that more and more employees of various organizations are using the chatbot to optimize their work in areas such as software development or business communications.
Chatgpt has also been making its way into the crypto space. In March, the leading U.S. digital asset exchange, Coinbase, announced it’s testing the product as a token verification tool. And in June, the blockchain analytics firm Elliptic said it intends to use it to support its intelligence gathering efforts.
“By default, Chatgpt stores the history of user queries and AI responses. Consequently, unauthorized access to Chatgpt accounts may expose confidential or sensitive information,” Group-IB’s experts remarked. The data can then exploited for targeted attacks against companies and their employees, they elaborated.
The analysis of underground marketplaces conducted by the cybersecurity firm revealed that the majority of logs containing Chatgpt accounts have been breached by the Raccoon info stealer. This type of malware collects saved account credentials, bank card details and crypto wallet information from browsers installed on infected devices as well as data from instant messengers and emails.
Do you think the theft of Chatgpt accounts will be a growing trend in the near future? Tell us in the comments section below.