Cybersecurity Firm Raises Alarm as 100K ChatGPT User Logins Found on Dark Web

Dark Web Leak Exposes Confidential Data as 100K ChatGPT Accounts Compromised, Warns Cybersecurity Firm

A cybersecurity company has issued a grave warning after discovering that over 100,000 login credentials for the renowned artificial intelligence chatbot, ChatGPT, have been leaked and traded on the dark web. According to a recent blog post by Group-IB, a Singaporean cybersecurity firm, more than 101,000 compromised logins for ChatGPT were found on illicit online marketplaces between June 2022 and May 2023.

Dmitry Shestakov, the head of threat intelligence at Group-IB, confirmed that these numbers represent “the number of logs from stealer-infected devices that Group-IB analyzed.” Each log contained at least one combination of ChatGPT login credentials and passwords.

The month of May 2023 saw a significant surge, with nearly 27,000 ChatGPT-related credentials available for sale on black markets. Geographically, the Asia-Pacific region accounted for the largest share of compromised logins, comprising approximately 40% of the total figure. Indian-based credentials were the most prevalent, exceeding 12,500, while the United States ranked sixth with nearly 3,000 leaked logins. France secured the seventh spot globally but took the lead in Europe.

Users can create ChatGPT accounts directly through OpenAI or opt for authentication through Google, Microsoft, or Apple accounts. While Group-IB did not analyze the registration methods, Shestakov speculated that mainly accounts using the “direct authentication method” were targeted. However, he stressed that OpenAI is not at fault for the compromised logins, stating, “The identified logs containing saved ChatGPT credentials are not a result of any weaknesses in ChatGPT’s infrastructure.”

Group-IB’s blog post highlighted a concerning trend: an increasing number of employees utilizing ChatGPT for work purposes. The firm cautioned that unauthorized users could potentially exploit the stored user queries and chat history to gain access to confidential company information. This information, once obtained, could be exploited in attacks against companies or individual employees.

Shestakov revealed that cybercriminals infected “thousands of individual user devices worldwide” to steal the compromised data, underscoring the importance of regular software updates and implementing two-factor authentication.

Interestingly, Group-IB mentioned that the press release itself was created with the assistance of ChatGPT, showcasing the capabilities of the chatbot in generating written content.