100K ChatGPT logins have been leaked on dark web, cybersecurity firm warns
The compromised accounts could give bad actors confidential information about companies and individuals.
Over the past year, more than 100,000 login credentials to the popular artificial intelligence chatbot ChatGPT have been leaked and traded on the dark web, according to a Singaporean cybersecurity firm.
A June 20 blog post by Group-IB revealed just over 101,000 compromised logins for OpenAI’s flagship bot have traded on dark web marketplaces between June 2022 and May 2023.
The login information was found in the logs of “info-stealing malware.” May 2023 saw a peak of nearly 27,000 ChatGPT-related credentials made available on online black markets.
According to our findings, the Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale. pic.twitter.com/s3TbsntCgX
— Group-IB Threat Intelligence (@GroupIB_TI) June 20, 2023
The Asia-Pacific region had the highest amount of compromised logins for sale over the past year, making up around 40% of the nearly 100,000 figure.
Indian-based credentials took the top spot overall with over 12,500 and the United States had the sixth most logins leaked online at nearly 3,000. France was seventh overall behind the U.S. and took the pole position for Europe.
ChatGPT accounts can be created directly through OpenAI. Additionally, users can choose to use their Google, Microsoft or Apple accounts to login and use the service.
Cointelegraph contacted OpenAI for comment but did not immediately receive a response.
Related: How AI is changing the way humans interact with machines
Group-IB said it noticed an uptick in the number of employees using ChatGPT for work. It warned confidential information about companies could be exposed by unauthorized users as user queries and chat history is stored by default.
Such information could then be exploited by others to undertake attacks against companies or individual employees.
The firm advised users to regularly update passwords and use two-factor authentication to better secure ChatGPT accounts.
Interestingly, the firm noted that the press release was written with the assistance of ChatGPT.
AI Eye: Is AI a nuke-level threat? Why AI fields all advance at once, dumb pic puns