Hackers Target ChatGPT Users

Over 101,100 compromised OpenAI’s ChatGPT account credentials found their way on illicit dark web marketplaces between June 2022 and May 2023, with India accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground. The Singapore-headquartered company Group-IB reported, “The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.” The Asia-Pacific region experienced the highest concentration of ChatGPT credentials offered for sale over the past year. Other countries with the biggest number of compromised ChatGPT credentials include Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia and Bangladesh. 

“Many enterprises are integrating ChatGPT into their operational flow,” Dmitry Shestakov, head of threat intelligence at Group-IB, said. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.” To mitigate such risks, it’s recommended that users follow appropriate password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks. With close to a billion users a month now on ChatGPT, it’s not surprising that hackers are targeting its users. They’re targeting ChatGPT because that’s where the users are.