ChatGPT users should be aware that their personal data may have been leaked online after the dump. Over 100,000 ChatGPT account credentials on the dark web. According to reports by The Hacker News and Singapore-based cybersecurity firm Group-IB, the credentials of a user logged into ChatGPT ranged from its inception (June 2022) to his May 2023. , which means it is still an ongoing event. The United States, France, Morocco, Indonesia, Pakistan, and Brazil appear to have the most users involved in stolen credentials.
“The number of available logs containing compromised ChatGPT accounts peaked at 26,802 in May 2023.” A Group IB expert said: “Asia Pacific had the highest concentration of ChatGPT credentials for sale over the past year.”
In this case, 26,802 logs available means that the dark web marketplace has already absorbed the user’s credentials and (presumably) found a malicious buyer.
“Logs containing compromised information collected by information thieves are actively traded on dark web markets.” Group IB said. “Additional information about logs available in such markets includes information about the list of domains found in the logs and IP addresses of compromised hosts.”
Most of the dumped credentials were found within logs associated with multiple infostealer malware families. The Raccoon information stealer is a particularly popular malware “distribution” within the family and was used to compromise exactly 78,348 accounts. (Knowing what to look for for each type of malware makes it easier to know the exact numbers.)
Raccoon seems to be the AAA equivalent of the information-stealing malware world, showing how the dark web is a parallel world to ours. A user can purchase access to her Raccoon in a subscription-based model. No coding or specialized knowledge required. This ease of deployment is one reason why the number of cybercrime-related crimes is on the rise. Raccoon, like everything else, comes bundled with enhanced features. These subscription-based information thieves do more than just steal credentials. It also allows malicious users to automate subsequent attacks.
Of course, other malware was used to steal user credentials. That’s the field of tools designed by Black Hat. But the number is not so impressive. Second behind Raccoon was Vidar, which was used to access 12,984 accounts, and third was his 6,773 credentials obtained through his RedLine malware.
Once those credentials provide access to your ChatGPT account, it puts anyone using the service on hold. Please note that access to personal information is not the only purpose. The majority of users store their chats in his OpenAI application, which allows malicious users to access them as well. And that’s where the real value lies. Business plans, app development, malware development (erm), writing that happens in chat. Your ChatGPT account contains both personal and professional content, from trade secrets that shouldn’t exist to personal diaries. It seems that there is also a confidential document.
“Employees enter sensitive communications or use bots to optimize their own code. If so, this could unintentionally provide a treasure trove of sensitive information.”
It’s quite an information thief. Remember that all passwords are important. But perhaps the security of ChatGPT windows (both at home and at work) is more important than others. Be careful with plugins Install ChatGPT, use strong passwords, enable two-factor authentication (2FA), Cybersecurity best practices That way you are less likely to be targeted.
