Cybersecurity firm Group-IB has unearthed evidence of 101,134 infected devices holding stored ChatGPT credentials, with the Asia-Pacific region emerging as a particular hotspot. The credentials were found in logs of information-stealing malware sold on dark web markets over the past year.
In May 2023 alone, the number of logs containing compromised ChatGPT accounts peaked at 26,802, signalling a growing interest in the AI chatbot within the cyber-underground.
ChatGPT, widely used in both software development and business communications, maintains a record of user interactions, so unauthorized access to an account can expose sensitive or confidential information. This has escalated the bot’s appeal within malicious circles.
Group-IB’s Threat Intelligence platform, which boasts the industry’s most extensive dark web data library, continues to monitor illicit online spaces, uncovering compromised credentials, stolen credit cards, new malware samples, and network access. The data enables businesses to take preventative measures and manage their cyber risks.
The Raccoon info stealer was identified as the primary culprit in the majority of ChatGPT account breaches. Info stealers, malware that gathers saved browser credentials, bank details, browsing history, and various other types of information, are becoming an increasingly significant source of personal data breaches.
This form of malware indiscriminately infects as many computers as possible, often through phishing, to collect as much data as possible. The harvested logs, which include the compromised information, are then traded on dark web marketplaces.
In terms of geographical distribution, the Asia-Pacific region had the highest number of stealer-infected devices containing ChatGPT credentials, accounting for 40.5% of the total between June 2022 and May 2023.