Global cybersecurity firm Group-IB discovered more than 100,000 compromised ChatGPT accounts in dark web marketplaces with Asia-Pacific having the highest concentration of ChatGPT credentials being offered for sale over the past year.
The company identified 101,134 stealer-infected devices with saved ChatGPT credentials. Group-IB's threat intelligence platform found these compromised credentials within the logs of info-stealing malware traded in illicit dark web marketplaces over the past year.
The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May.
According to Group-IB's findings, Asia-Pacific saw the largest number of ChatGPT accounts stolen by info stealers (40.5%) between June 2022 and May 2023.
Thailand ranked 13th in the region with an estimated 548 compromised ChatGPT accounts. The top five countries in the region were India (12,632), Pakistan (9,217), Vietnam (4,771), Indonesia (2,555) and Bangladesh (2,463).
The top five countries globally by number of compromised ChatGPT credentials are India (12,632), Pakistan (9,217), Brazil (6,531), Vietnam (4,771) and Egypt (4,588), according to Group-IB.
By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorised access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.
"Many enterprises are integrating ChatGPT into their operational flow," said Dmitry Shestakov, head of threat intelligence at Group-IB.
"Employees enter classified correspondence or use the bot to optimise proprietary code. Given that ChatGPT's standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we are continuously monitoring underground communities to promptly identify such accounts."
Group-IB's analysis of underground marketplaces revealed that the majority of logs containing ChatGPT accounts have been breached by the Racoon info stealer.
Info stealers are a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history and other information from browsers installed on infected computers, and then sends all this data to the malware operator.
To mitigate the risks associated with compromised ChatGPT accounts, Group-IB advises users to update their passwords regularly and implement two-factor authentication for accessing their ChatGPT accounts.