Hackers Leak Over 100,000 ChatGPT Credentials on the Dark Web

Over 100,000 login credentials for OpenAI’s ChatGPT synthetic intelligence chatbot had been leaked onto the darkish net, in line with a report this week from Group-IB, a cybersecurity agency primarily based in Singapore.

Group-IB wrote that the credential theft started in June 2022 however peaked at 26,802 stolen logins in Might 2023. The theft, the report stated, was orchestrated with the Raccoon Infostealer malware, which is downloaded by victims after receiving a phishing e mail.

As soon as contaminated, the malware collects login credentials, historical past, and cookies saved in net browsers. Group-IB stated this will additionally embody crypto pockets data. In keeping with blockchain analytics agency Chainalysis, over $3 billion in cryptocurrency was stolen in 2022 alone.

One of the frequent types of cyberattacks, phishing assaults, come within the type of e mail, textual content messages, or messages on social media and embody sending fraudulent communications like texts and messages on social media that seem to come back from a good supply.

“This sort of malware infects as many computer systems as attainable via phishing or different means with a purpose to gather as a lot information as attainable,” Group-IB wrote in a press launch co-authored with ChatGPT. “Information stealers have emerged as a serious supply of compromised private information attributable to their simplicity and effectiveness.”

In its report, Group-IB wrote that almost all of stolen ChatGPT credentials, about 41,000 of them, had been from the Asia-Pacific area. Group-IB recommends customers replace their passwords and use two-factor authentication on their accounts.

Earlier this month, OpenAI pledged $1 million in the direction of AI cybersecurity initiatives.

In October 2022, the U.S. Lawyer’s Workplace for the Western District of Texas unsealed indictment costs from the Division of Justice towards Mark Sokolovsky for his alleged position in Raccoon Infostealer, which the company known as a world cybercrime operation.

The software program was supplied as “malware-as-a-service” (MaaS), permitting customers to lease entry to the illicit instruments for a month-to-month charge.

In keeping with DOJ paperwork, Sokolovsky is charged with one rely of conspiracy to commit laptop fraud; one rely of conspiracy to commit wire fraud; one rely of conspiracy to commit cash laundering; and one rely of aggravated id theft.

The Amsterdam District Courtroom granted Sokolovsky’s extradition to america to face trial on September 13, 2022. If convicted, Sokolovsky faces 20 years in federal jail.

OpenAI, Group-IB, and the U.S. Division of Justice haven’t but responded to Decrypt’s request for remark.