Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
Between June 2022 and May 2023, more than 101,100 compromised credentials for OpenAI ChatGPT accounts were discovered on illicit dark web marketplaces. India had the highest number of stolen credentials, with 12,632 accounts compromised. These credentials were found within information stealer logs that were being sold on the cybercrime underground. The Asia-Pacific region had the highest concentration of ChatGPT credentials available for sale. Other countries with a significant number of compromised credentials included Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh.
The majority of the logs containing ChatGPT accounts were breached by the Raccoon info stealer (78,348), followed by Vidar (12,984) and RedLine (6,773). Information stealers have gained popularity among cybercriminals for their ability to steal passwords, cookies, credit cards, and other information from web browsers and cryptocurrency wallets.
These compromised logs are actively traded on dark web marketplaces and often include additional information such as the compromised host's IP address and the domains found in the log. The availability of these logs has lowered the barrier for cybercrime and has facilitated follow-on attacks using the stolen credentials.
As many enterprises integrate ChatGPT into their operations, there is a risk of inadvertently exposing sensitive intelligence to threat actors if account credentials are obtained. To mitigate such risks, users are advised to follow good password practices and secure their accounts with two-factor authentication (2FA) to prevent unauthorized access.
These developments occur alongside a malware campaign that utilizes fake OnlyFans pages and adult content lures to deliver a remote access trojan and an information stealer called DCRat. Additionally, a new variant of the GuLoader malware has been discovered, which uses tax-themed decoys to inject the Remcos RAT into legitimate Windows processes.
OpenAI clarified that the findings from Group-IB's report were a result of commodity malware on users' devices and not a breach of OpenAI's systems. OpenAI is currently investigating the exposed accounts and maintains industry best practices for user authentication and authorization. Users are encouraged to use strong passwords and install verified and trusted software on their personal computers.
blogpay
