Over the course of the past year, more than 100,000 login credentials for the renowned artificial intelligence chatbot, ChatGPT, have been leaked and traded on the dark web, as disclosed by a cybersecurity firm based in Singapore.
Group-IB, in a blog post on June 20, revealed that from June 2022 to May 2023, there were over 101,000 compromised logins from devices associated with OpenAI’s flagship bot that were exchanged on various dark web marketplaces.
Dmitry Shestakov, the head of threat intelligence at Group-IB, explained that the figure represents “the number of logs from stealer-infected devices that Group-IB analyzed,” and each log contained at least one login and password combination for ChatGPT.
During May 2023, the availability of ChatGPT-related credentials peaked at nearly 27,000 on online black markets.
Of the compromised logins available for sale, the Asia-Pacific region accounted for the largest share, making up approximately 40% of the nearly 100,000 total.
India-based credentials held the highest number, surpassing 12,500, while the United States ranked sixth with nearly 3,000 leaked logins. France secured the seventh position globally and led in Europe.
Creating ChatGPT accounts is possible through OpenAI directly, or users can opt to utilize their Google, Microsoft, or Apple accounts for login and access.
While Group-IB did not conduct a detailed analysis of the signup methods, Shestakov suggested that primarily accounts utilizing a “direct authentication method” were exploited.
However, OpenAI is not accountable for the compromised logins, as the logs containing saved ChatGPT credentials are not a result of any weaknesses in the infrastructure of ChatGPT.
The blog post by Group-IB also pointed out a notable increase in the number of employees using ChatGPT for work purposes.
It cautioned that confidential information about companies could be at risk of exposure since user queries and chat history are stored by default. Unauthorized individuals could exploit this information to launch attacks against companies or individual employees.
According to Shestakov, cybercriminals infected “thousands of individual user devices worldwide” to steal this information.
He emphasized the significance of regularly updating software and implementing two-factor authentication as a means to mitigate such risks.
Interestingly, Group-IB mentioned that the press release itself was written with the assistance of ChatGPT.