OpenAI’s ChatGPT Suffers Breach as Thousands of Logins Leak on Dark Web

According to cybersecurity firm, 100000 ChatGPT logins have leaked on dark web. As such, these affected accounts may result in bad actors accessing private data concerning people and organizations.

Dark Web Forces Infiltrate the Microsoft-Backed ChatGPT

A cybersecurity organization in Singapore shows that over the past year, the dark web has been a platform where more than 100000 login information ChatGPT, a popular artificial intelligence (AI) chatbot have leaked and sold.

Group-IB posted a blog on June 20 showing that between June 2022 and May 2023, more than 101000 devices with compromised access for OpenAI’s leading bot have traded on web marketplaces.

Asia Pacific Region Suffers the Largest ChatGPT Breach

Dmitry Shestakov, Group-IB’s threat intelligent head, revealed that this figure represents the total number of logs from stealer-affected devices analyzed by the company. Specifically, he claimed that each long comprised at least a single combination of login data and password for ChatGPT.

A peak was experienced in May 2023 in which online black markets contained an estimated 27000 ChatGPT-associated credentials. The area with the biggest number of compromised logs for sales within the past year was the Asia-Pacific region, accounting for nearly 40 percent of the approximate 100000 figure.

Overall, credentials based in India held the top spot with more than 12500, while the U.S had approximately 3000 leaked logins, placing it at the sixth spot. Further, France followed the United States and held the leading position for Europe. OpenAI can aid in the direct creation of ChatGPT accounts. Besides, login and use services can be done via the use of Microsoft, Google, or Apple.

OpenAI Blameless as Infrastructure Audit Reveals its Flawless

Shestakov claimed that the assessment of the sign-up methods was outside the organization’s research scope. However, he claimed that it is rational to assume that accounts using the direct authentication strategy were exploited.

However, one cannot blame OpenAI for the logins taken advantage of. The established logs that contain saved ChatGPT credentials is not linked to the infrastructure’s weaknesses.

Organizations Consider Banning Workers From Using ChatGPT

Group-IB’s blog post showed that the organization identified a rise on the number of workers utilizing ChatGPT for work. It cautioned that unauthorized users could expose private data concerning organization since the storage of chat history and user queries is by default.

This kind of data could later be utilized by other persons to execute attacks against individual workers or organizations.

Shestakov claimed that cybercriminals infected a significant number of individual user devices across the globe with the aim of stealing data.

According to him, regular software update and the use of use of two-factor authentication is critical. Remarkably, the firm claimed that ChatGPT was used to write the press release. 

Editorial credit: Ascannio / Shutterstock.com