Over 100,000 Compromised OpenAI ChatGPT Accounts Sold on Dark Web

In a significant cybersecurity incident, over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web. The breach, which has raised concerns about the security of AI applications, underscores the need for robust cybersecurity measures.

The highest concentration of compromised ChatGPT credentials being sold was found in the Asia-Pacific region, with the number of available logs containing compromised ChatGPT accounts peaking at 26,802 in May 2023. The countries with the most compromised ChatGPT credentials include India, Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh.

The majority of compromised ChatGPT accounts were breached by the Raccoon info stealer, followed by Vidar and RedLine. These information stealers are notorious for their ability to hijack passwords, cookies, credit cards, and other information from browsers and cryptocurrency wallet extensions.

Logs containing compromised information are actively traded on dark web marketplaces. Each log lists the domains found in it, along with information about the IP address of the compromised host.

ChatGPT is being integrated into the operational flows of many enterprises. Employees enter classified correspondence or use the bot to optimize proprietary code. Because ChatGPT's standard configuration retains all conversations, threat actors who obtain account credentials could inadvertently be handed a trove of sensitive intelligence.

To mitigate such risks, it's recommended that users follow appropriate password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks.

The development comes amid an ongoing malware campaign that's leveraging fake OnlyFans pages and adult content lures to deliver a remote access trojan and an information stealer called DCRat (or DarkCrystal RAT), a modified version of AsyncRAT.
