June 20 – In the last year, more than 100,000 ChatGPT account credentials were compromised. The credentials are now on the dark web. White hat professionals discovered the credentials when exploring information stealer logs that are listed for sale through underground forums.
Last month, the number of available logs containing compromised ChatGPT credentials reached 26,802 – a number higher than any ever seen before. Credential sales are primarily taking place within the Asia-Pacific region, although all geographies have been affected.
The majority of logs containing ChatGPT accounts have been breached by the notorious Raccoon info stealer (78,348), followed by Vidar (12,984) and RedLine (6,773). Among cyber criminals, information stealers have become popular due to their abilities to hijack passwords, cookies, credit cards and other information from browsers.
“Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces,” says a group of cyber security researchers. Logs often include details about the list of domains within the logs and info about the IP address of the compromised host.
Broadly speaking, infostealers have lowered the bar for cyber crime. What’s more is that hackers can purchase logs and then use the extensive quantity of information provided to conduct a series of attacks.
Corporate secrets at-risk
Many organizations are permitting employees to use ChatGPT as a co-pilot, or as a means of supporting regular work. But, employees who input sensitive correspondences or who use the bot to optimize code could inadvertently offer sensitive intelligence to hackers, especially if they manage to obtain the aforementioned logs and/or stolen account credentials.
To mitigate this risk, experts recommend that users follow appropriate password hygiene practices and secure ChatGPT accounts with two-factor authentication. This can help prevent takeover attacks.
For the latest on ChatGPT threats, please see CyberTalk.org’s past coverage. Lastly, subscribe to the CyberTalk.org newsletter for executive-level interviews, analyses, reports and more each week. Subscribe here.