Massive ChatGPT hack: 100,000 accounts on the Dark Web!
Over 100,000 stolen credentials
The incident was discovered by a cybersecurity company, Group-IB. The Singapore-based company therefore announces in a recent article that more than 100,000 ChatGPT access accounts have been compromised, with their credentials being for sale on the Dark Web. Asia is the first area targeted, with 40% of hacks, followed closely by the Middle East and Africa (25%) then Europe (17%).
According to Group-IB’s latest findings, #ChatGPT accounts have already gained significant popularity within underground communities. We have identified 101,134 stealer-infected devices with saved ChatGPT credentials between June 2022 and May 2023. Curious to learn more? Head… https://t.co/qIL2zRw3qg
— Group-IB Global (@GroupIB) June 20, 2023
To recover these identifiers, hackers would have used thieving malware, a type of tool that attacks information stored in an application’s memory. Main tool used, the Racoon software, a Russian malware known to inflict damage to the security measures of many companies.
ChatGPT chain security vulnerabilities
As ChatGPT progresses at lightning speed, the chatbot has become a favorite target for hackers. Already, because the OpenAI solution has already revealed flaws on several occasions since its democratization last December. But also because the robot has greatly improved in writing code and script blocks.
A use that has become a real godsend for many budding hackers, who now use ChatGPT as a technical assistant to design their next moves. If OpenAI tries to keep control over the data of its users, as well as the use made of its robot, we feel that the music goes faster than the orchestra.
Beyond the obvious risk of leaked credentials, ChatGPT also represents a dangerous loss of privacy for many companies. Indeed, in recent months, the chatbot has become a real work assistant for many people, who share sensitive information without fear.
Let’s take the opportunity to do a booster shot. Tools like ChatGPT being open-air databases, never share private or sensitive items.
