A sudden statement by a research has taken the internet by storm, it said that 100k account credentials given to ChatGPT have been traded on in the dark web. This research was published by Group IB, a global cybersecurity leader headquartered at Singapore.
101,134 stealer infected devices were discovered with ChatGPT credentials in them. Between June 2022 and May 2023, the Asia-Pacific region experienced the highest percentage of accounts being stolen (40.5%). Other regions such as the US, Vietnam, Brazil, Egypt were also affected by this data breach.
The Threat Intelligence platform of this company had discovered these credentials within the grip of malwares that steal info. The number peaked in May 2023 at an alarming magnitude of 26,802 affected accounts. This level is seriously a caution for all users.
According to Group IB, the rise of ChatGPT in business communication and software development would definitely mean it would contain sensitive information of users; this chance was taken for making illegal benefits by the exploiters. The cybersecurity leader also mentions of the growing popularity of ChatGPT in underground communities.
They also found out that an information stealing hacker named Raccoon had breached majority of the accounts. Besides that, Vidar and Redline malwares had also the most number ofhosts who had their data breached due to access with ChatGPT.
Info stealing hackers are malwares that drain informationstored with the account in browsers, bank card details, cookies, crypto wallet information, browsing history and so on. They send this info to the malware operator. Since it operates non-selectively, it affects more computers to gather more possible gatherable data.
The Head of Threat Intelligence at Group IB, Dmitry Shestakov stated, “Many enterprises are integrating ChatGPTinto their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we are continuously monitoring underground communities to promptly identify such accounts.”
Experts advice to use 2-Factor Authentication in order to curb cybrr attack. This involves providing an additional verification code before accessing the ChatGPT accounts which even though might make the login process lengthier but would not hamper security.