The risk of information leakage from using ChatGPT to optimize work

Tram Ho

Group-IB, a global cybersecurity leader headquartered in Singapore, has identified 101,134 devices infected with information-stealing malware that held saved ChatGPT login credentials.

Specifically, Group-IB’s Threat Intelligence platform found these compromised credentials in the logs of information-stealing malware traded on illicit dark web markets over the past year. The number of available logs containing exposed ChatGPT accounts reached a peak of 26,802 in May 2023.

According to the research results of Group-IB, the Asia-Pacific region is home to the largest concentration of ChatGPT credentials for sale in the past year.

Group-IB experts emphasize that more and more employees are using chatbots to optimize their work, be it software development or business communication. By default, ChatGPT stores the history of user queries and artificial intelligence (AI) responses. Therefore, unauthorized access to ChatGPT accounts could expose confidential or sensitive information. This information can be exploited for targeted attacks against companies and their employees.

According to the latest findings of Group-IB, ChatGPT accounts have become very popular with underground communities.

Group-IB’s Threat Intelligence Platform hosts a large library of dark web data, monitoring cybercriminal forums, markets and closed communities in real time to identify compromised credentials (logins), stolen credit cards, new malware samples, access to corporate networks and other critical intelligence, enabling companies to identify and mitigate cyber risks before further damage occurs. Group-IB’s analysis of underground markets has shown that the majority of logs containing ChatGPT accounts were compromised by the notorious information-stealing malware Raccoon. The growing popularity of AI-powered chatbots is evident in the continued increase in exposed ChatGPT accounts that Group-IB’s Threat Intelligence team has observed over the past year.

Credential-stealing software is a type of malware that collects login credentials stored in browsers, bank card information, cryptocurrency wallet information, cookies, browsing history and other information from the browsers installed on the infected computer. It then sends all this data to the malware operator. The stealer can also collect data from instant messengers and emails, along with details about the victim’s device.

The stealer works non-selectively. This type of malware infects as many computers as possible, through phishing or other means, in order to collect as much data as possible. Credential-stealing software has become a major source of compromised personal data because of its simplicity and effectiveness. Logs containing information compromised by credential-stealing software are actively traded on dark web markets. Additional information about the logs available on such marketplaces includes a list of domains found in the logs as well as information about the IP address of the compromised server.

By analyzing this information, Group-IB’s Threat Intelligence team identified the countries and regions with the highest numbers of stealer-infected devices with saved ChatGPT credentials. The Asia-Pacific region saw the highest share of ChatGPT accounts stolen by information-stealing malware (40.5%) between June 2022 and May 2023.

Source: Genk