Compromised ChatGPT accounts garner rapid dark web popularity

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB.

The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023. According to the findings, the Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year.

Experts highlight that more and more employees are taking advantage of the Chatbot to optimize their work, be it software development or business communications. By default, ChatGPT stores the history of user queries and AI responses.

Unauthorized ChatGPT access

Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees. According to Group-IB, ChatGPT accounts have already gained significant popularity within underground communities.

The analysis of underground marketplaces revealed that the majority of logs containing ChatGPT accounts have been breached by the infamous Raccoon info stealer. The growing popularity of the AI-powered chatbot is evident in the consistent increase of compromised ChatGPT accounts observed throughout the past year.

By analyzing this information, researchers identified the countries and regions with the highest concentration of stealer-infected devices with saved ChatGPT credentials. The Asia-Pacific region saw the largest number of ChatGPT accounts stolen by info stealers (40.5%) between June 2022 and May 2023.

“Many enterprises are integrating ChatGPT into their operational flow,” says Dmitry Shestakov, Head of Threat Intelligence at Group-IB.

“Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials,” Shestakov continued.

To mitigate the risks associated with compromised ChatGPT accounts, researchers advise users to update their passwords regularly and implement two-factor authentication. By enabling 2FA, users are required to provide an additional verification code, typically sent to their mobile devices, before accessing their ChatGPT accounts.

Having visibility into dark web communities allows organizations to identify if their sensitive data or customer information is being leaked or sold. Using real-time threat intelligence, companies can better understand the threat landscape, proactively protect their assets, and make informed decisions to strengthen their overall cybersecurity posture.