
ChatGPT compromised, 100K+ accounts leaked on dark web

The theft of the ChatGPT login credentials was orchestrated via the Raccoon Infostealer malware, according to cybersecurity firm Group-IB

More than 100,000 login credentials for the popular AI chatbot ChatGPT have been leaked and traded on the dark web in the past year. The highest number of compromised ChatGPT accounts, reaching 26,802, was recorded in May 2023.

Info stealers can gather a wide range of information, including details about a targeted machine, cookies, browser histories, and various documents. Hackers often capitalise on this valuable data, not only using it themselves but also selling it on the dark web. Online marketplaces frequently deal in logs that expose victims’ account credentials for popular applications.

From June 2022 to the previous month, cybersecurity firm Group-IB monitored the number of these logs available for sale that disclosed ChatGPT accounts. They found a total of 101,134 such logs. The primary culprit behind these breaches was the notorious Raccoon malware, a Russian-designed tool that was first discovered in 2019. After a temporary shutdown following the demise of its creator early last year, Raccoon returned with enhancements three months later. Since then, it has been responsible for at least 78,348 instances of leaked ChatGPT credentials across various devices.

In addition to Raccoon, the researchers identified 12,984 logs associated with Vidar and 6,773 logs connected to Redline, both of which contained GPT-related content.

Between June 2022 and May 2023, the Asia-Pacific region accounted for the largest number of ChatGPT accounts stolen by info stealers, comprising 40.5 percent of the total. The MEA region followed in second place, with 24.6 percent of stealer-infected devices containing saved ChatGPT credentials.

Within the Middle East and Africa, Egypt, Morocco, Algeria, Turkey, and Kenya topped the list with the highest number of devices infected by stealers and containing saved ChatGPT credentials.