100,000 ChatGPT accounts hacked: This is what users should do
Group-IB is a leading cybersecurity company headquartered in Singapore. According to one report The company has identified more than 100,000 thief-infected devices with stored ChatGPT credentials.
The compromising data was found in the logs of malware traded on illicit dark web marketplaces. According to Group-IB’s findings, the Asia-Pacific region has seen the highest concentration of ChatGPT credentials sold.
Behind the attacks are so-called info-stealers. They are able to steal passwords, cookies, credit card details and other important information from browsers.
The success of the cybercriminals indicates that users do not use unique passwords or do not activate two-factor authentication. Law enforcement agencies struggle to stop cybercriminal activity due to the anonymity of the dark web.
The Group-IB experts emphasize that more and more employees are using the chatbot at work. By default, ChatGPT saves the history of user requests and AI responses.
“Many companies integrate ChatGPT into their workflows. Employees enter secret correspondence or use the bot to optimize their own code. Since ChatGPT’s default configuration stores all conversations, this could unintentionally provide threat actors with a treasure trove of sensitive information when they obtain account credentials,” said Dmitry Shestakov, Head of Threat Intelligence at Group-IB.
Editor’s Recommendations
Accordingly, unauthorized access to users’ accounts may reveal confidential and sensitive information. These can be used for targeted attacks against companies and their employees.
With 12,632 credentials stolen, India is the country hardest hit. Many technology companies have integrated ChatGPT to increase their customer service and employee productivity.
In view of the risks mentioned, Shestakov recommends that users take appropriate care of cyber security. Two-factor authentication is a good way to protect accounts from attacks. Not only is a password required to access data, but also a security code on the phone. It should also be clear: 1234 or 0000 are not appropriate passwords.
As cybercriminals evolve their tactics, it becomes increasingly important to educate and raise public awareness of the risks. Regardless of the tools used, one should remain vigilant and encourage safe practices. That doesn’t make you an easy target.