Over 100,000 #ChatGPT Login Credentials Leaked on #DarkWeb, Raising Concerns of #Cybersecurity
According to a recent report by Group-IB, a cybersecurity firm based in Singapore, more than 100,000 login credentials for OpenAI's ChatGPT AI chatbot have been leaked on the dark web . The theft of these credentials began in June 2022 and reached its peak in May 2023, with 26,802 stolen logins during that period . The perpetrators behind this credential theft utilized the Raccoon Infostealer malware, which victims unknowingly downloaded after falling for phishing emails .
Once infected with the malware, it gathers various pieces of information, including login credentials, browsing history, cookies, and potentially even cryptocurrency wallet details . It is worth noting that in 2022 alone, over $3 billion in cryptocurrency was stolen, highlighting the potential risks associated with such data breaches.
Phishing attacks, which involve fraudulent communications via email, text messages, or social media, are among the most common forms of cyberattacks. These attacks often impersonate reputable sources to deceive victims into providing sensitive information . The Raccoon Infostealer malware aims to infect as many computers as possible through phishing or other means to collect extensive data.
Group-IB's report reveals that the majority of the stolen ChatGPT credentials, approximately 41,000, originated from the Asia-Pacific region. In light of this breach, Group-IB advises users to update their passwords and enable two-factor authentication for their accounts .
In related news, OpenAI recently pledged $1 million towards AI cybersecurity initiatives . Additionally, the U.S. Department of Justice has taken action against the individuals involved in the Raccoon Infostealer operation, including Mark Sokolovsky, who was charged with multiple cybercrime offenses . Sokolovsky's extradition to the United States has been granted, and he may face up to 20 years in federal prison if convicted .
As of now, OpenAI, Group-IB, and the U.S. Department of Justice have not responded to Decrypt's request for comment on this matter.