Over 100000 ChatGPT Accounts Stolen and Traded in Alarming Security Breach

Malware Exploits AI Interactions, Leading to Fraudulent Activities

In a concerning development, more than 100,000 ChatGPT accounts have been stolen and traded, exposing unsuspecting users to data breaches and potential fraudulent activities. The malware responsible for the attacks captures and transfers sensitive information to third parties, who can then manipulate the data for malicious purposes.

Over 100000 ChatGPT Accounts Stolen and Traded in Alarming Security Breach

Between June 2022 and May 2023, the cybersecurity firm Group-IB discovered that India accounted for the highest number of compromised ChatGPT accounts with 12,632, followed by Pakistan (9,217), Brazil (6,531), Vietnam (4,771), and Egypt (4,588). Surprisingly, the United States ranked sixth with 2,995 compromised accounts.

Dmitry Shestakov, head of threat intelligence at Group-IB, emphasized that many enterprises integrate ChatGPT into their operations, exposing classified correspondences and proprietary code to potential threats. ChatGPT's default configuration retains all conversations, making it a valuable source of sensitive intelligence for threat actors who acquire account credentials.

Group-IB's analysis of criminal underground marketplaces revealed that the majority of compromised ChatGPT accounts were accessed using the Raccoon info stealer malware, which was responsible for over 78,000 stolen credentials. Info stealers are a specific type of malware designed to extract credentials, banking information, browsing history, and other sensitive data from infected computers.

To minimize the risk of account compromise, Group-IB recommends that ChatGPT users regularly update their passwords and enable two-factor authentication (2FA). By activating 2FA, users receive an additional verification code on their mobile devices when accessing the chatbot's services.

While 2FA provides an added layer of security, it is not infallible. Therefore, users discussing sensitive topics with ChatGPT, such as personal details, financial information, or work-related matters, should consider clearing their saved conversations. This can be done by navigating to the "Clear Conversations" section in their account settings.

Group-IB highlighted a surge in compromised ChatGPT accounts, which mirrors the chatbot's growing popularity. The number of compromised accounts rose from 74 in June 2022 to 22,597 in March 2023, indicating a concerning trend.

Notably, ChatGPT's capabilities can also be exploited by hackers to enhance their criminal activities. Cyber threat intelligence firm Check Point Research has warned that the chatbot's code-generating capabilities can lower the entry barrier for coding malicious programs, enabling less-skilled individuals to launch sophisticated cyber attacks. Hackers have been observed attempting to bypass ChatGPT's restrictions to utilize it for potential crimes.

As the adoption of AI-powered chatbots continues to increase, it is crucial for users to remain vigilant about their security. Implementing robust password practices, enabling 2FA, and regularly clearing conversations can help mitigate the risks associated with compromised ChatGPT accounts.