More than 225,000 ChatGPT credentials are being sold on the darknet

Between January and October 2023, over 225,000 logs containing pilfered ChatGPT credentials were discovered on the darknet, as reported by Group-IB researchers.

In their latest analysis of cybercriminal activities for 2023-2024, specialists indicate that these credentials are predominantly found in the logs of information-stealing malware like LummaC2, Raccoon, and RedLine.

“The incidence of infected devices saw a slight dip in mid- to late summer, yet experienced a notable surge in August and September,” the firm highlights.

From June to October 2023, over 130,000 unique hosts with access to OpenAI ChatGPT were compromised, marking a 36% increase compared to the first five months of 2023. The experts provide the following statistics for the top three stealer families:

  • LummaC2: 70,484 hosts;
  • Raccoon: 22,468 hosts;
  • RedLine: 15,970 hosts.

“The noticeable surge in the number of credentials sold for ChatGPT correlates with an overall increase in hosts infected by information stealers, as the data harvested from these sources is subsequently offered for sale,” experts elucidate.

Researchers highlight that LLMs (such as ChatGPT) can be leveraged by cybercriminals to devise new attack strategies, craft compelling scam and phishing campaigns, and enhance their operational efficiency. Group-IB points out that AI can further aid attackers in accelerating reconnaissance, developing hacking toolkits, and executing fraudulent robocalls.

“In the past, cybercriminals mainly focused on corporate computers and systems that provided network access. Currently, they are shifting their attention to devices with access to AI systems. This shift enables them to scrutinize logs of interactions between company employees and the AI, which can be exploited to uncover sensitive information (for espionage), insights into the company’s internal infrastructure, authentication data (for more devastating attacks), and details about application source code,” Group-IB concludes.
