ChatGPT has gained huge popularity over the past few months. In fact, within one week of its test launch, the platform recorded more than 1 million visitors. Unfortunately, with such popularity, OpenAI’s service has also attracted malicious activity. Yes, we have a ChatGPT breach on our plate.
Threat actors utilized the platform’s success to initiate all kinds of attacks, including creating fake applications to trick victims into installing malware on their devices.
And now, they have targeted the real thing. Through info-stealing malware, more than 100 thousand account credentials have found their way onto illicit dark web marketplaces.
With such a global impact, this incident can cause a lot of damage. Here’s everything we know about it.
ChatGPT Breach – The Cybercrime Underground Scores Big
ChatGPT has had its fair share of impersonation attempts, where cybercriminals disguised themselves as the popular AI Chatbot to lure victims in.
In fact, not long ago, threat actors used malvertising to redirect victims to malicious pages where they could download a supposed ChatGPT app.
Of course, for those in the know, there’s no such thing as a ChatGPT app. It’s just a scheme that ends up installing malware on the users’ devices.
Now, it’s different. This time around, ChatGPT itself suffered a huge data breach. According to cyber-intelligence firm Group-IB, its researchers have observed cybercriminals using information-stealing malware to snatch ChatGPT accounts over the past year.
They witnessed a peak in that activity in May 2023, when thousands of account credentials were offered on dark web marketplaces:
“The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.
The Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year.”
As seen in the quote above, the Singapore-headquartered company clearly states that the Asia-Pacific region is the most impacted. Yes, the breach is global, but certain regions drew most of the malicious attention.
Surprisingly, Europe and the United States weren’t among the most impacted regions, which makes us question the origin of the group behind the attack.
What’s scary about this campaign is that threat actors are using well-known stealers to perfect their operations.
Those include RedLine, Vidar, and Raccoon, three of the most dominant info-stealers in the world.
However, it gets worse. With such credentials, no one knows the extent of the damage that can be done.
Anyone holding them can access previous chats initiated with ChatGPT, leading to chaos and the exfiltration of sensitive information:
“Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Having such delicate data out in the open is catastrophic. Security researchers and software engineers use ChatGPT in their work. You never know what data threat actors can get their hands on.
ChatGPT: A Huge Breach with Huge Repercussions
When such crucial information is leaked, users should take immediate action to avoid any future predicaments. The first thing they need to do is enable 2FA (Two-Factor Authentication).
That way, whoever tries to log in to their account needs an additional piece of information (a verification code) to gain access. Without that code, the stolen credentials alone are useless.
Companies that believe their data may be affected can also check the dark web to identify whether their sensitive data or customer information is being leaked or sold.