The rise of the Internet and technological advancements have opened up a world of opportunities, but unfortunately, they have also paved the way for cybercrime to flourish. Hackers and cybercriminals are constantly discovering innovative methods to exploit unsuspecting users and fill their pockets with ill-gotten gains. The latest target of these modern-day stealers is none other than ChatGPT, the AI-powered chatbot that has become a familiar companion in our digital interactions.
In a recent discovery by Group-IB, a global cybersecurity leader, a sizable number of devices (101,134 to be precise) infected with information-stealing malware were found to contain saved ChatGPT credentials. The stolen ChatGPT login details were being bought and sold by cybercriminals on dark web marketplaces between June 2022 and May 2023.
The intensity of this security breach becomes even more gripping when we break down the numbers by month. In June 2022, only 74 stealer logs hinted at the compromise of ChatGPT accounts. Little did we know that this was just the tip of the iceberg. With each passing month, the threat grew exponentially, morphing into a menacing force. By January 2023, the number of hacked ChatGPT accounts skyrocketed to a jaw-dropping 11,909. Shockingly, in May 2022, a record-breaking 26,802 ChatGPT accounts were compromised, and data were sold on the dark web. It’s a security breach of epic proportions.
To fully comprehend the gravity of the leaked data from ChatGPT accounts on the dark web, we must first understand the nature of info stealer malware and its various forms.
Demystifying Info Stealer Malware
As their name suggests, information stealers are a dangerous breed of malware specialising in stealing valuable information. They target web browsers installed on infected computers, collecting credentials, bank card details, crypto wallet information, cookies, browsing history, and more. The stolen data is then sent to the operators behind the malware. These malware programs can also gather data from instant messengers and emails, and provide detailed information about the victim’s device. They infect as many computers as possible, using methods like phishing to maximize their data collection efforts.
In the data leak of ChatGPT accounts, three types of info stealer malware were identified. Raccoon info stealer has emerged as the primary culprit behind the breach, compromising 78,348 hosts with access to ChatGPT. Close behind is Vidar, responsible for 12,984 compromised accounts, followed by Redline with 6,773 compromised accounts. These findings highlight the diverse range of info stealers involved in the breach of ChatGPT accounts and their significant impact on user security.
ChatGPT Data Breach: Unveiling the Top Regions and Countries Affected
The Threat Intelligence unit of Group-IB identified the regions and countries with the highest concentration of stealer-infected devices, each holding valuable ChatGPT credentials. Between June 2022 and May 2023, the Asia-Pacific region emerged as the epicentre of this cybercrime wave, accounting for an astonishing 40.5% of all ChatGPT accounts stolen by info stealers.
As the digital battlefield expanded, other regions were not immune to this nefarious activity. The Middle East and Africa followed closely behind the Asia-Pacific, with 24.6% of stolen ChatGPT accounts originating from these areas. Europe also faced its fair share of cyber threats, accounting for 16.8% of the stolen credentials, while Latin America was not far behind at 12.2%. North America, although relatively less affected, still experienced a notable 4.7% of ChatGPT accounts falling into the hands of information stealers.
These statistics painted a harrowing picture of a global landscape under siege by cybercriminals, with the Asia-Pacific region taking centre stage. It was a stark reminder that no corner of the digital realm was immune to the relentless pursuit of valuable credentials and the havoc they could wreak in the wrong hands.
In the ChatGPT data breach, one country rises above all others to claim the throne of infamy: India, where a jaw-dropping 12,632 ChatGPT users’ accounts have fallen victim to the dark web’s clutches. It’s not difficult to understand why India has become a focal point, considering its rapid population growth and the widespread adoption of the Internet and technology over the past decade. As the nation flourishes, so too does the unfortunate presence of cybercriminals seeking to exploit vulnerabilities.
Trailing behind India’s distressing lead, we find Pakistan, Brazil, Vietnam, and Egypt, each bearing their own burdens of compromised ChatGPT credentials: 9,217, 6,531, 4,771, and 4,588 accounts, respectively.
Surprisingly, the United States, which recently emerged as the largest market for ChatGPT with over 1.5 million iOS downloads, has experienced a relatively minor impact from cybercriminals. The country stands 6th on the list of top 10 countries by the number of ChatGPT accounts compromised by info stealers between June 2022 and May 2023. Only 2,995 accounts were compromised and traded on the dark web, which is four times less than the number in India.
In a nutshell
An increasing number of employees and businesses are leveraging ChatGPT, an AI chatbot by OpenAI, to optimize their work across software development and business communications. However, it’s essential to recognize the potential risks associated with this convenience.
By default, ChatGPT stores the history of user queries and AI responses, which poses a concern for unauthorized access. If unauthorized parties gain entry to ChatGPT accounts, confidential and sensitive information could be exposed. This, in turn, creates a significant vulnerability that cybercriminals may exploit for targeted attacks against companies and their employees.
Group-IB’s recent findings underscore the growing popularity of ChatGPT accounts within underground communities. This emerging trend raises serious questions about the misuse of this technology, emphasizing the need for organizations to remain vigilant and take proactive measures to protect their data.
To safeguard against these risks, businesses must prioritize robust security measures. Implementing strict access controls, encryption protocols, and comprehensive cybersecurity strategies can help mitigate the threats associated with compromised ChatGPT accounts.
For an additional layer of security, enabling two-factor authentication (2FA) is highly recommended. With 2FA, users are required to provide a second verification code, typically sent to their mobile devices, before gaining access to their ChatGPT accounts. This adds an extra barrier against unauthorized access, even if login credentials are compromised.