The rising popularity of ChatGPT, an AI chatbot developed by OpenAI, has unfortunately led to a surge in cybercriminal activity. A recent report by cybersecurity firm Group-IB reveals that more than 100,000 compromised ChatGPT login credentials were discovered for sale on dark web marketplaces over the past year.
Widespread Compromise of ChatGPT Accounts
ChatGPT has witnessed exponential growth since its public launch, amassing over 100 million users in just a few months. Unfortunately, this popularity comes at a cost, as the number of stolen login credentials for ChatGPT accounts has risen in tandem. Group-IB’s research highlights that they detected more than 26,800 compromised ChatGPT credentials last month alone, representing the highest recorded number since they began tracking this data.
If users reuse their passwords across various platforms, a compromised ChatGPT account can potentially lead to unauthorized access to their other accounts. Additionally, if a victim is subscribed to ChatGPT’s premium plan, ChatGPT Plus, they may be unwittingly paying for others to use the paid-for service as well.
Raccoon Malware Facilitates the Breach
Group-IB’s researchers have identified that most stolen ChatGPT credentials can be attributed to the notorious Raccoon malware. It operates like conventional malware, infecting a user’s computer after disguising itself as a legitimate application or file. What sets Raccoon apart is its accessibility as a reliable subscription service, which makes it a favored choice among hackers. This ease of use and availability have contributed to the widespread compromise of ChatGPT accounts, amplifying the threat posed by cybercriminals.
Dmitry Shestakov, Head of Threat Intelligence at Group-IB, highlights another pressing issue: “Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”