Surge in Compromised ChatGPT Accounts

  • Group-IB uncovers over 101,000 ChatGPT accounts compromised by info stealers, with a significant concentration in the Asia-Pacific region.
  • The cybersecurity company recommends regular password updates and the implementation of two-factor authentication to mitigate risks associated with compromised ChatGPT accounts.

Group-IB, a leading cybersecurity company based in Singapore, reported that over the past year it has identified a staggering 101,134 instances of stealer-infected devices with saved ChatGPT credentials. Group-IB’s Threat Intelligence platform made this discovery by analyzing logs of information-stealing malware, which were being traded on illicit dark web marketplaces.

The Rising Threat to ChatGPT Accounts

ChatGPT, an AI-powered chatbot, has increasingly become a favored tool among employees to enhance productivity across various sectors, including software development and business communications. However, the data stored on ChatGPT, which includes the history of user queries and AI responses, can contain sensitive information. This makes ChatGPT accounts an attractive target for cybercriminals.

Group-IB’s analysis shows that ChatGPT accounts have surged in popularity among underground communities. In May 2023, a peak of 26,802 logs containing compromised ChatGPT accounts was observed.

The Infamous Raccoon Info Stealer

The majority of logs with compromised ChatGPT accounts were attributed to the notorious Raccoon info stealer malware. Info stealers are malicious programs that collect credentials, bank card details, browsing history, and other data from browsers on infected computers and transmit this data to the malware operator. The collected data can include details from instant messaging and emails, as well as in-depth information about the victim’s device.

Because info stealers are non-selective, they infect a broad range of computers through phishing or other means, harvesting as much data as possible. This type of malware has become a significant source of compromised personal data due to its effectiveness and simplicity.

Asia-Pacific Region Most Affected

Group-IB’s analysis also pinpointed the regions most affected by these breaches. The Asia-Pacific region was hit the hardest, accounting for 40.5% of the ChatGPT accounts stolen by info stealers between June 2022 and May 2023. India was the country most affected by this breach, with 12,632 stolen credentials originating from there.


Mitigating Risks

In light of these findings, Group-IB strongly recommends that users regularly update their passwords and implement two-factor authentication (2FA). Enabling 2FA ensures users must provide an additional verification code, usually sent to their mobile devices, before accessing their ChatGPT accounts.

Additionally, organizations should actively monitor dark web communities to detect if sensitive data is being leaked or sold. Leveraging real-time Threat Intelligence allows organizations to take preemptive measures to mitigate the impact, notify affected individuals, and bolster their security to avert further damage.

This incident underscores the critical need for organizations and individuals to remain vigilant and adopt robust cybersecurity measures to protect sensitive information in the face of evolving cyber threats.