Recent reports indicate a disturbing surge in the sale of stolen ChatGPT account credentials on illicit dark web marketplaces. Between June 2022 and May 2023, more than 100,000 compromised OpenAI ChatGPT account credentials were discovered being traded, with India alone accounting for 12,632 stolen credentials. These findings were revealed in a report by Group-IB, a Singapore-headquartered cybersecurity company revealed. Exposed: Massive Data Breach Reveals 100,000+ Stolen ChatGPT Account Credentials
Emergence of Stolen ChatGPT Account Credentials in Cybercrime Underground
The stolen ChatGPT account credentials were identified within information stealer logs that were made available for sale on the cybercrime underground. Group-IB noted that the number of available logs containing compromised ChatGPT accounts reached its peak in May 2023, totaling 26,802. The Asia-Pacific region witnessed the highest concentration of ChatGPT credentials being offered for sale over the past year.
Compromised ChatGPT Credentials and the Rise of Info Stealers: A Global Perspective
Aside from India, other countries with a significant number of compromised ChatGPT credentials included Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh.
Further analysis conducted by Group-IB identified that the majority of logs containing ChatGPT accounts were breached by the notorious Raccoon info stealer, followed by Vidar and RedLine. Exposed: Massive Data Breach Reveals 100,000+ Stolen ChatGPT Account Credentials
Related Links:
- The Next Generation of Info Stealers by KELA Cyber Threat Intelligence.
- Raccoon Stealer v2 – Part 2: In-depth analysis by Sekoia.io Blog.
- Infostealer Malware on the Dark Web by Accenture.
- Info Stealers Ecosystem Introduction by Cyberint.
- Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity (Part 1)
The Rising Threat of Information Stealers: Implications for ChatGPT Security and User Protection
Information stealers have gained popularity among cybercriminals due to their ability to hijack passwords, cookies, credit cards, and other sensitive information from web browsers and cryptocurrency wallet extensions. The compromised information harvested by these info stealers is actively traded on dark web marketplaces. Additional information, such as the lists of domains found in the logs and the IP addresses of the compromised hosts, is also included in these marketplaces.
These stolen ChatGPT account credentials pose significant risks, especially considering the integration of ChatGPT into various enterprises’ operational workflows. Employees often engage in classified correspondences or utilize the ChatGPT bot to optimize proprietary code. However, since ChatGPT’s standard configuration retains all conversations, if threat actors obtain account credentials, they could inadvertently gain access to a trove of sensitive intelligence.
To mitigate these risks, it is crucial for users to adhere to proper password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks.
These developments occur in the midst of an ongoing malware campaign that leverages fake OnlyFans pages and adult content lures to distribute a remote access trojan and an information stealer named DCRat (or DarkCrystal RAT). Additionally, a new variant of a malware called GuLoader which employs tax-themed decoys to launch PowerShell scripts capable of injecting Remcos RAT into a legitimate Windows process, has been recently discovered. As cybercriminals continue to exploit stolen ChatGPT account credentials, it is crucial for both OpenAI and users to remain vigilant. Implementing robust security measures, such as multi-factor authentication, monitoring for suspicious activity, and promptly addressing vulnerabilities and data leaks, is essential to safeguarding sensitive information.
Conclusion
The sale of over 100,000 stolen ChatGPT account credentials on dark web marketplaces highlights the growing threat of cybercrime and the need for heightened security measures. The Asia-Pacific region, particularly India, witnessed a significant number of compromised credentials, emphasizing the global reach of this issue.
The prevalence of information stealers like Raccoon, Vidar, and RedLine underscores the importance of protecting sensitive information stored within ChatGPT accounts. Enterprises must be cautious, as the integration of ChatGPT into operational workflows can inadvertently expose classified correspondences and proprietary code if threat actors obtain account credentials.
To safeguard against such risks, users are urged to follow password hygiene practices and enable two-factor authentication (2FA). These simple yet effective security measures can help prevent account takeovers and unauthorized access.
As cybercriminals continue to exploit stolen credentials, both OpenAI and users must remain vigilant. Proactive monitoring for suspicious activity, prompt reporting of unauthorized access, and addressing vulnerabilities and data leaks are critical steps in maintaining the security of ChatGPT accounts. By prioritizing security and implementing robust measures, we can mitigate the risks associated with stolen ChatGPT account credentials and ensure the confidentiality and integrity of user information.
Frequently Asked Questions (FAQs)
Q: How many stolen ChatGPT account credentials were sold on dark web marketplaces?
A: Over 100,000 compromised ChatGPT account credentials were sold on dark web marketplaces between June 2022 and May 2023. India accounted for 12,632 of these stolen credentials.
Q: Which countries had the highest number of compromised ChatGPT credentials?
A: Aside from India, other countries with a significant number of compromised ChatGPT credentials include Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh.
Q: What information stealers were responsible for breaching the majority of ChatGPT accounts?
A: The majority of logs containing ChatGPT accounts were breached
by the Raccoon info stealer, followed by Vidar and RedLine.
Q: What risks do stolen ChatGPT account credentials pose?
A: Stolen ChatGPT account credentials can lead to unauthorized access, potential exposure of sensitive information, misuse of the account for malicious activities, and compromise of associated systems and platforms.
Q: How can users protect their ChatGPT accounts from being compromised?
A: Users can protect their ChatGPT accounts by following proper password hygiene practices, enabling two-factor authentication (2FA), and staying vigilant for any suspicious account activity. Regularly monitoring account activity and promptly reporting any unauthorized access to OpenAI is also recommended.
Q: What should OpenAI do to mitigate the risks associated with stolen ChatGPT account credentials?
A: OpenAI can enhance security measures by implementing multi-factor authentication, actively monitoring for suspicious activity, and promptly addressing any vulnerabilities or data leaks that may arise.