Massive loss of ChatGPT credentials: Over 100,000 accounts affected

It is a remarkable revelation that within one year, from June 2022 to May 2023, more than 100,000 OpenAI ChatGPT account credentials have been exposed on illicit dark web marketplaces.

According to a Group-IB report, these credentials were found in logs of stolen information, which was subsequently offered for sale on underground cybercrime platforms.

Affected Users Worldwide

India bore the brunt of this breach: 12,632 stolen credentials were traced to the country.

This highlights the rapid adoption of ChatGPT in India. Many Indian tech companies have integrated ChatGPT to improve customer service and employee productivity.

Several other countries follow closely. The hardest hit are Pakistan, Brazil, Vietnam, Egypt, the US, France, Morocco, Indonesia and Bangladesh.

The far-reaching impact shows the popularity of ChatGPT across cultures and regions.

Behind the Security Breach: The Role of Information Thieves

Information stealers are growing in popularity among cyber criminals as they can steal passwords, cookies, credit cards and other important information from browsers and cryptocurrency wallet extensions.

The success of information thieves suggests that people are not practicing good cyber hygiene, such as using unique passwords and enabling two-factor authentication.

Logs containing compromised information collected by information thieves are easily traded on dark web marketplaces.

Law enforcement agencies are struggling to curb illicit transactions on the dark web, which has become a hub for cybercriminal activity due to the anonymity it offers.

Risks of ChatGPT integration and need for safe practices

“Many companies integrate ChatGPT into their operations,” notes Dmitry Shestakov, Head of Threat Intelligence at Group-IB.

This illustrates how AI is transforming businesses, but also bringing new risks.

Given these risks, Shestakov recommends users to follow proper password security practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks.

Enabling 2FA is one of the best ways for users to protect their accounts as it requires not only the password but also other information like a security code sent to the user’s phone.

In total

This incident underscores the urgent need for improved security practices in a world increasingly dependent on AI and digital interactions.

As cybercriminals evolve their tactics, public awareness of cyber risks and ways to mitigate them becomes increasingly important.

Regardless of what tools you use, stay alert and prioritize safe practices to avoid becoming an easy target.

Featured image: BRO.vector/Shutterstock