In a striking revelation, more than 100,000 OpenAI ChatGPT account credentials have surfaced on illicit dark web marketplaces within the span of a year, from June 2022 to May 2023.
According to a report by Group-IB, these credentials were unearthed within logs of stolen information which were subsequently offered for sale on underground cybercrime platforms.
Users Affected Worldwide
India bore the brunt of this breach, with 12,632 stolen credentials traced back to the country.
This highlights the rapid adoption of ChatGPT in India. Many Indian tech companies have integrated ChatGPT to improve customer service and employee productivity.
Several other countries follow closely. Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh are the most affected.
The widespread impact indicates the popularity of ChatGPT across cultures and regions.
Behind the Breach: The Role of Info Stealers
Info stealers have grown in popularity among cybercriminals due to their capability to seize passwords, cookies, credit cards, and other vital information from browsers and cryptocurrency wallet extensions.
The success of info stealers suggests people aren’t practicing good cyber hygiene, like using unique passwords and enabling two-factor authentication.
Logs containing compromised information harvested by info stealers are readily traded on dark web marketplaces.
Law enforcement struggles to curb illicit transactions on the dark web, which has become a hub for cybercriminal activities due to the anonymity it provides.
Risks Of ChatGPT Integration & Need For Secure Practices
“Many enterprises are integrating ChatGPT into their operational flow,” notes Dmitry Shestakov, head of threat intelligence at Group-IB.
This highlights how AI is transforming businesses but also introducing new risks.
In light of these risks, Shestakov recommends users follow proper password safety practices and secure their accounts with two-factor authentication (2FA) to thwart account takeover attacks.
Enabling 2FA is one of the best ways users can protect their accounts since it requires not just the password but also another piece of information like a security code sent to the user’s phone.
This incident underscores the urgent need for enhanced security practices in a world increasingly dependent on AI and digital interactions.
As cybercriminals evolve their tactics, public awareness about cyber risks and how to mitigate them becomes more critical.
Regardless of the tools you use, stay vigilant and prioritize secure practices to avoid becoming an easy target.
Featured Image: BRO.vector/Shutterstock