Group-IB finds stolen ChatGPT credentials traded on dark web

Thursday, 22 June 2023 18:20

Group-IB finds stolen ChatGPT credentials traded on dark web Featured

By Sam Varghese

Image by Alexandra_Koch from Pixabay

Cyber security firm Group-IB claims to have discovered credentials for compromised ChatGPT accounts in the logs of info-stealing malware traded on the dark web. A total of 101,134 hosts were found to be hosting these credentials.

In a statement, which it said was written with the assistance of ChatGPT, the company noted that the number of accounts reached a high of 26,802 in May this year, with the highest number being from the Asia-Pacific region.

Group-IB said: "By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorised access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.

"According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities."

Dmitry Shestakov, head of Threat Intelligence at Group-IB, said: “Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimise proprietary code.

"Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we are continuously monitoring underground communities to promptly identify such accounts.”

Satnam Narang, senior staff research engineer at security firm Tenable, said: “Information stealing malware, such as Raccoon, Vidar and Redline are capable of stealing sensitive information stored in Web browsers, which includes user credentials (username/email and password), session cookies and browser history.

"Credentials tied to finance, social media, and others are likely to be compromised. The reporting from Group-IB reflects the increased interest in generative AI tools like ChatGPT usage around the world, and as a result, ChatGPT user credentials are being harvested by information stealing malware."

He said the biggest threat to ChatGPT users through exposed credentials was exposure of conversations between users and ChatGPT, which could include other sensitive information, either personally identifiable information, or workplace-related information, including sensitive company data.

“Another area of concern is password re-use," Narang said. "Historically, we know users tend to reuse passwords across multiple sites, so if users have had their ChatGPT account credentials compromised, it’s possible that other accounts are at risk as well if users reused their ChatGPT password elsewhere.

“At this time, OpenAI has temporarily paused the enrolment of two-factor authentication for ChatGPT. Once enrolment has been re-enabled, users should add it as an additional security measure.

"However, it’s important to note that information-stealing malware also steals session cookies, which can be used to bypass account security features like two-factor authentication if valid ChatGPT session cookies are also being sold on the dark web. Irrespective of this, we still advise users to enable this feature on their ChatGPT accounts.”

Read 250 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

GARTNER MARKET GUIDE FOR NDR 2022

You probably know that we are big believers in Network Detection and Response (NDR).

Did you realise that Gartner also recommends that security teams prioritise NDR solutions to enhance their detection and response?

Picking the right NDR for your team and process can sometimes be the biggest challenge.

If you want to try out a Network Detection and Response tool, why not start with the best?

Vectra Network Detection and Response is the industry's most advanced AI-driven attack defence for identifying and stopping malicious tactics in your network without noise or the need for decryption.

Download the 2022 Gartner Market Guide for Network Detection and Response (NDR) for recommendations on how Network Detection and Response solutions can expand deeper into existing on-premises networks, and new cloud environments.

DOWNLOAD NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!