Over 100K Stolen ChatGPT Account Credentials Found on Dark Web Marketplaces
Since June 2022, account information for more than 101,000 compromised ChatGPT accounts has found its way to illicit dark web marketplaces. The stolen credentials were found within the logs of information-stealing malware and were available for sale in illegal underground communities, Group-IB’s post stated.
The year-long research by the Singapore-based cybersecurity company disclosed an alarming trend. Increasing use of the OpenAI platform by employees has led to a consistent increase in the availability of stolen credentials, from 74 in June 2022 to 26,802 in May 2023.
“Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code,” said Group-IB’s Dmitry Shestakov.
Among the regions, Asia Pacific saw the highest share of compromised accounts (40.5%), followed by the Middle East & Africa (24.6%). The investigation further revealed that the info-stealer most commonly used was Raccoon (78,348), followed by Vidar (12,948) and Redline (6,773).
Info-stealers are a type of malware that helps hackers extract sensitive information from the victim’s machine, including data saved in web browsers, history, cookies, crypto wallets, social media platforms and emails, as well as bank and credit card details. The extracted data is transferred to a Command and Control (C2) server managed by the threat actor, who later trades it as logs on the dark web for a one-time fee or a monthly subscription.
“Stealers work non-selectively. This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible. Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness,” revealed the investigation.
To mitigate such risks, it’s essential to bolster security practices by regularly updating the passwords associated with online accounts and by implementing two-factor authentication.