According to a cybersecurity firm based in Singapore, more than 100,000 login credentials for the popular artificial intelligence chatbot, ChatGPT, have been leaked and traded on the dark web in the past year.
A recent blog post by Group-IB revealed that between June 2022 and May 2023, over 101,000 compromised logins for OpenAI’s flagship bot were traded on dark web marketplaces.
Dmitry Shestakov, the head of threat intelligence at Group-IB, explained that the figure represents “the number of logs from stealer-infected devices that Group-IB analyzed,” and each log contained at least one combination of login credential and password for ChatGPT.
During May 2023, there was a peak of nearly 27,000 ChatGPT-related credentials available on online black markets. The Asia-Pacific region accounted for the highest number of compromised logins for sale, comprising approximately 40% of the total figure.
Among the compromised logins, Indian-based credentials ranked highest with over 12,500, while the United States had the sixth most logins leaked online, totaling nearly 3,000. France secured the seventh position and was the leading country in Europe.
It is worth noting that ChatGPT accounts can be created directly through OpenAI or by using Google, Microsoft, or Apple accounts for login and service usage. Although the research conducted by Group-IB did not cover the analysis of sign-up methods, Shestakov suggested that primarily accounts using direct authentication methods were targeted. However, OpenAI is not at fault for the exploited logins, as the compromised logs do not indicate any weaknesses in ChatGPT’s infrastructure.
In its blog post, Group-IB highlighted an increase in the number of employees using ChatGPT for work and cautioned that unauthorized users could potentially expose confidential company information, given that user queries and chat history are stored by default. Cybercriminals infected thousands of individual user devices worldwide to steal this information. Shestakov emphasized the importance of regular software updates and the use of two-factor authentication to mitigate such risks.
Interestingly, Group-IB mentioned that the press release itself was written with the assistance of ChatGPT.
Please note that spinning an article can result in variations in sentence structure and word choice. The spun version above is generated by rephrasing and reorganizing the original text while attempting to retain the essence of the content.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up