ChatGPT is no longer just a text generator; it has become a popular target for cybercriminals.
The Group-IB Threat Intelligence team recently discovered over 101,134 stealer-infected devices with saved ChatGPT credentials floating around on the dark web.
Cybercriminals have found a way to obtain your ChatGPT login information and are now trading it like rare Pokémon cards in batch.
For many, ChatGPT is a useful tool, particularly for sensitive tasks such as drafting emails, writing important code, or brainstorming new ideas.
Consider all that data falling into the wrong hands. That is the reality.
Stolen credentials can provide access to personal data, sensitive information, and even corporate secrets.
ChatGPT Credentials; Why Do Cybercriminals Care?
You may wonder why cybercriminals would be interested in ChatGPT credentials in the first place.
It's not just about using an AI tool. Your ChatGPT account may be linked to other valuable data, such as personal or professional information saved in your chat history.
For businesses, this is particularly concerning. Employees frequently use ChatGPT to collaborate on top-secret projects, and compromised accounts could result in major breaches of important information.
So, how did we get here? As always, info-stealing malware that is. These stealthy programs are installed on devices, sometimes through a seemingly innocent software update or a malicious email attachment.
Once inside, they collect a variety of information, including saved passwords for services such as ChatGPT.
The data then ends up on dark web marketplaces, where anyone with the necessary cryptocurrency can purchase it.
From the Dark Web to Social Media
As if the dark web wasn't enough, cybercriminals are now operating on social media platforms to broaden their reach.
While they continue to trade stolen ChatGPT credentials and other data on underground forums, they also use Telegram, Facebook, and TikTok to avoid detection.
Telegram has entire channels dedicated to selling malware, hacking tools, and stolen credentials.
Surprisingly, TikTok has become a platform for hackers to share videos of their exploits, turning cybercrime into a twisted social media challenge.
Pavel Durov, CEO of Telegram, has come under fire in the EU for not cracking down on these illegal activities, demonstrating that social media is quickly becoming the new dark web.
ChatGPT may be changing the way we interact with technology, but it has also piqued the interest of cybercriminals, who see it as another opportunity for exploitation.
With cybercriminals now using both the dark web and social media to trade stolen data, the risks are greater than ever.
So keep in mind that if your ChatGPT account is compromised, more than just your AI chats are at risk; there could be a lot more.