In just over six months since its launch more than 100,000 ChatGPT account credentials were discovered on the dark web, signalling a worrying trend in cybercrime, according to cybersecurity firm Group-IB.
These findings indicate that the last month witnessed the peak of this cyber breach, with as many as 26,802 logs containing compromised ChatGPT accounts.
The Asia-Pacific region bore the brunt of the cyber assault, recording the highest concentration of available ChatGPT credentials on the dark web over the year with India topping the list.
The majority of the hacks were perpetrated through information stealers, which have grown notorious among cyber criminals for their prowess in hijacking passwords and cookies.
"Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces," stated Group-IB.
According to Group-IB’s latest findings, #ChatGPT accounts have already gained significant popularity within underground communities. We have identified 101,134 stealer-infected devices with saved ChatGPT credentials between June 2022 and May 2023. Curious to learn more? Head… https://t.co/qIL2zRw3qg— Group-IB Global (@GroupIB) June 20, 2023
Threats to businesses
Dmitry Shestakov, the head of threat intelligence at Group-IB, highlighted the growing risks as many businesses integrate ChatGPT into their operational flow.
As employees use the bot for classified correspondences or code optimisation, all these interactions are retained by ChatGPT's standard configuration, inadvertently creating a potential treasure trove of sensitive information for threat actors.
To mitigate such risks, users are urged to adhere to robust password hygiene practices and secure their accounts using two-factor authentication (2FA) to thwart account takeover attacks.