The Singapore-based cybersecurity firm Group-IB reveals that hackers have leaked ChatGPT credentials on the dark web. The report indicates that the compromise has affected over 100,000 accounts.
Group-IB reported the theft using the Racoon Infostealer malware, which victims unknowingly downloaded through phishing emails. The report also wrote that the theft began in June 2022 and peaked in May 2023.
According to Group-IB’s report, the Asia-Pacific region accounted for most of the stolen ChatGPT credentials, with approximately 41,000 compromised accounts. India, Pakistan, Vietnam, Indonesia, and Bangladesh are among the countries. Group-IB advises users to update passwords and enable two-factor authentication for enhanced security.
“Many enterprises are integrating ChatGPT into their operational flow.” Dimitry Shestakov, Head of Threat Intelligence at Group-IB, said in the press release. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Mitigation
To protect compromised ChatGPT accounts, Group-IB advises users to update their passwords regularly and enable two-factor authentication (2FA). Two-factor authentication adds an extra layer of security by requiring users to provide a verification code, usually sent to their mobile devices when accessing their ChatGPT accounts.
Visiting dark web communities helps organizations identify potential leaks or sales of sensitive data. Real-time Threat Intelligence allows them to take proactive actions, notify affected individuals, and strengthen their cybersecurity defences. By leveraging real-time threat intelligence, companies can better understand threats, protect their assets, and make informed decisions to enhance cybersecurity.
See Related: Google Establishes A Hacking Policy Council Among Others; Cybersecurity And Vulnerability Management
OpenAI committed $1 million towards AI cybersecurity efforts earlier this month.
