Data of more than 1,00,000 users of ChatGPT were leaked online, with India and Pakistan topping the list.
A new report by Group-IB, a cybersecurity leader based in Singapore, has found that as many as 1,01,134 stealer-infected devices with saved ChatGPT credentials are being sold in the dark web between June 2022 and May 2023.
Last month alone, they claimed to have found more than 26,800 ChatGPT credentials, a peak since Group-IB began tracking the data.
The Threat Intelligence Unit of the Group-IB has revealed that India (12,632), Pakistan (9,217), and Brazil (6,531) were among the top countries where users were impacted by the cyberattack.
The report further mentions that most of these credentials were traded in the Asia-Pacific region.
Raccoon malware
The researchers from the cyber firm said that the stolen ChatGPT credentials were accessed due to the popular Raccoon malware.
Just like the basic malware, Raccoon steals users’ info from their computers after they download the software, which is often disguised as an app or file that the user actually wants.
Raccoon is known to be easily available and regarded as one of the dependable malware as it maintains a healthy subscriber base, making it a popular choice among hackers.
"Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials."
Moreover, the hackers who have access to their ChatGPT accounts can also access their other accounts with the help of the malware if the users reuse the same password for multiple platforms.And, if the target is paying for ChatGPT's premium plan, ChatGPT Plus, they may also be unwittingly paying for others to use the paid-for service as well.
Potential dangers of ChatGPT hack
Several experts have raised potential security concerns specifically relating to having a ChatGPT account compromised by hackers.
Many companies, including Google, have warned their employees not to store sensitive information in ChatGPT because that data could be used to train the AI language models.
ChatGPT has a feature that can save a user’s chat history. This was made possible after its creator OpenAI released a feature a few months ago.
And the fact that companies had to warn their warn employees does lend credence to the fact that it might have happened before.
Link CHATGPT