Cybersecurity researchers at Group-IB have uncovered a concerning trend involving more than 100,000 stealer-infected devices holding compromised ChatGPT credentials. Group-IB's Threat Intelligence platform found info-stealer logs being traded on illicit dark web markets, with a peak of 26,802 compromised ChatGPT accounts recorded in May 2023. The Asia-Pacific region had the highest concentration of compromised ChatGPT credentials for sale over the past year.
The researchers emphasize that employees in various industries are increasingly adopting ChatGPT, which poses risks because ChatGPT's default settings store user queries and AI responses. This stored history potentially exposes confidential information to unauthorized access and to targeted attacks against companies and individuals.
The popularity of ChatGPT accounts within underground communities has surged, with Russian hackers eager to abuse ChatGPT’s restrictions for malicious activities. Group-IB’s Threat Intelligence platform, which monitors dark web activities in real time, has become crucial in identifying compromised credentials, stolen credit cards, malware samples, and access to corporate networks.
The analysis revealed that the majority of compromised ChatGPT accounts were breached by the Raccoon info stealer, highlighting the simplicity and effectiveness of info stealers in harvesting personal data. The logs holding this compromised data are actively traded on dark web marketplaces, often with additional details such as compromised host IP addresses and associated domain lists.
Group-IB identified the countries and regions with the highest concentration of devices infected by stealers and compromised ChatGPT credentials. The Asia-Pacific region accounted for 40.5% of the ChatGPT accounts stolen by info stealers between June 2022 and May 2023.
Dmitry Shestakov, Head of Threat Intelligence at Group-IB, emphasizes the need for vigilance and prompt identification of compromised accounts in underground communities. Group-IB recommends regular password updates and the implementation of two-factor authentication (2FA) to mitigate the risks associated with compromised ChatGPT accounts.