Stolen ChatGPT credentials are a sizzling commodity on the darkish net, based on Singapore-based menace intelligence agency Group-IB, which claims to have discovered some 225,000 stealer logs containing login particulars for the service final yr.
Group-IB reported discovering these logs in its annual Excessive Tech Crime Tends report printed final week. The doc alleges it discovered the logs on the market on the darkish net between January and October 2023.
Take into account these are stealer logs containing credentials, not username/password pairings – that means there could also be way over 225k credential units out there for misuse.
Based on Group-IB, it discovered round 130,000 of the ChatGPT credential-containing logs within the 5 months from June to October, 2023, representing a 36 % improve within the variety of logs discovered within the prior five-month interval between January and Could of final yr.
“With extra workers counting on ChatGPT for work optimization and its storage of previous interactions, compromised logins may expose delicate info, posing important safety dangers for companies,” Group-IB warned in a weblog put up summarizing its report.
This is not the primary time Group-IB has reported the theft of ChatGPT credentials. In June of final yr the agency revealed it had noticed greater than 100,000 stealer logs containing ChatGPT usernames and passwords on the darkish net – however that was for a whole yr, between June 2022 and Could 2023. The variety of logs containing ChatGPT credentials has been steadily rising, with simply 74 logs posted in June 2022, and 26,802 printed in Could 2023.
It is value noting that the information offered final June overlaps with the interval of this newest report, which covers January to October 2023. Of the greater than 100,000 beforehand reported logs containing ChatGPT credentials, 95,827 have been found from January to Could.
“The sharp improve within the variety of ChatGPT credentials on the market is as a result of total rise within the variety of hosts contaminated with info stealers, knowledge from which is then put up on the market on markets or in [underground clouds of logs],” Group-IB defined in its report.
As we reported not too long ago, ransomware actors are more and more counting on infostealers to realize preliminary footholds into sufferer networks. We have additionally famous not too long ago that cyber baddies have begun seeing a job for LLMs like ChatGPT in illicit on-line exercise.
In different phrases, it is in all probability a good suggestion to allow multifactor authentication and repeatedly change these ChatGPT passwords – particularly in case you’re utilizing it for work. ChatGPT retains logs of questions put to it, its responses and person knowledge – all helpful info within the improper fingers.
OpenAI did not reply to questions for this story. ®
