Over 100,000 ChatGPT accounts compromised, sold on dark web: cybersecurity firm

SINGAPORE: More than 100,000 user accounts of the popular AI chatbot, ChatGPT, have been compromised and sold on the dark web, according to a report by Singapore-based cybersecurity firm, Group-IB.

The firm’s researchers discovered that the accounts were compromised by malware variants such as Raccoon, Vidar, and Redline. The Asia-Pacific region, particularly India and Pakistan, were the most affected, accounting for 40.5% of the stolen accounts between June 2022 and May 2023.

ChatGPT, developed by OpenAI, is widely used across various industries, from software development to business communications. The default settings of the AI chatbot store user queries and AI responses, potentially exposing confidential information to unauthorised access.

The report highlights the growing popularity of ChatGPT accounts within underground communities. Russian hackers, in particular, have shown eagerness to exploit ChatGPT’s restrictions to create malware and carry out other malicious activities.

The firm recommends regular password updates and the implementation of two-factor authentication (2FA) to mitigate the risks associated with compromised ChatGPT accounts. They also suggest regular account monitoring, cautious sharing, staying updated, being wary of phishing attempts, securing devices, regular security awareness training, and limiting data storage.

Group-IB’s Head of Threat Intelligence, Dmitry Shestakov, emphasised the importance of vigilance and promptly identifying compromised accounts in underground communities.

You May Also Like