In a startling revelation, a recent report published by Singapore-based cybersecurity firm Group-IB has exposed a significant breach in the popular artificial intelligence chatbot platform, ChatGPT. More than 100,000 user accounts have fallen victim to information-stealing malware over the past year, presenting a grave threat to the security and privacy of ChatGPT users.
The comprehensive report has identified a staggering 101,134 compromised accounts, with the credentials of many of these accounts being traded on illicit dark web marketplaces throughout the year. Disturbingly, the peak of this breach occurred in May, during which nearly 27,000 compromised ChatGPT account credentials were traded on the dark web. The Asia-Pacific region witnessed the highest concentration of ChatGPT credentials for sale, accounting for almost 40% of compromised accounts between June 2022 and May 2023, followed closely by Europe.
ChatGPT, since its widespread rollout in November of the previous year, has gained increasing popularity, with employees leveraging the chatbot’s capabilities to optimize their work across various fields, including software development and business communications. However, this breach has raised serious concerns about the security of user information stored within the chatbot. The history of user queries and the AI’s responses, stored by ChatGPT, poses a significant risk if unauthorized access to user accounts is obtained.
Dmitry Shestakov, the head of threat intelligence at Group-IB, highlighted the potential consequences of this breach. Employees often engage in classified correspondences or use the bot to optimize proprietary code, and given ChatGPT’s default configuration of retaining all conversations, the breach inadvertently offers a trove of sensitive intelligence to threat actors. This situation has led several businesses, institutions, and universities worldwide, including some in Japan, to either ban the use of ChatGPT or caution their staff against revealing sensitive information to the AI bot. Such data can be exploited for targeted attacks against companies and their employees.
Group-IB’s report also warns about the growing popularity of ChatGPT accounts within underground communities on the dark web, which are accessible only through specialized software. Malicious software, referred to as info stealers, is being utilized to extract various pieces of information from infected computers, including credentials saved in browsers, bank card details, crypto wallet information, cookies, and browsing history. These valuable user logs, containing sensitive data such as IP addresses, are actively traded on dark web marketplaces.
Notably, a majority of the compromised ChatGPT accounts have been breached by the infamous Raccoon info stealer, as identified by Group-IB. In response to this breach, experts strongly advise users to update their passwords regularly and implement two-factor authentication for accessing their ChatGPT accounts. Furthermore, it is recommended to disable the chatbot’s chat saving feature through the settings menu or manually delete conversations immediately after use. These proactive measures significantly enhance the security of ChatGPT accounts and mitigate the risks associated with unauthorized access.
The breach compromising over 100,000 ChatGPT user accounts serves as a stark reminder of the critical importance of robust cybersecurity measures and constant vigilance in the digital age. As the utilization of AI technologies continues to expand, it becomes increasingly crucial to prioritize security and protect sensitive information from malicious actors. By staying informed about the latest threats and implementing stringent security practices, both individuals and organizations can take proactive steps to safeguard their data and maintain their digital well-being.
