Over 100,000 ChatGPT Accounts Stolen by Malware

A staggering number of over 101,000 ChatGPT user accounts have fallen victim to malware attacks in the past year, according to a source.

Identification of Cyberattacks According to Bleeping Computer

Group-IB, a renowned cybersecurity company, has successfully identified these cyberattacks on various clandestine websites where ChatGPT accounts were found. The peak of these attacks occurred in May 2023, during which threat actors unveiled approximately 26,800 new sets of ChatGPT credentials.

Regional Impact

When examining the regions most heavily targeted, the Asia-Pacific region suffered the most with nearly 41,000 compromised accounts between June 2022 and May 2023.

Europe followed with nearly 17,000 compromised accounts, while North America ranked fifth with 4,700 accounts compromised.

Insights from Cybersecurity Expert

Benoit Grunewald, an expert in cybersecurity at ESET France, expressed his concerns regarding ChatGPT users’ lack of awareness regarding the significant amount of sensitive information stored in their accounts, which cybercriminals actively seek.

He emphasized that ChatGPT, by default, stores all input requests, allowing access to individuals who have account privileges.

Grunewald further noted that information thieves are increasingly involved in compromising ChatGPT and even employ it as a service in their malware attacks.

These information thieves primarily target valuable digital assets stored within compromised systems, focusing on critical information such as cryptocurrency wallet records, login credentials, and saved browser logins.

Enhancing Security Measures

Grunewald highlighted the vulnerability of the service due to the unavailability of two-factor authentication/multi-factor authentication (2FA/MFA) for regular users with free access. To mitigate risks, he recommended disabling the chat logging feature unless absolutely necessary.

Instead, users should opt for trusted single sign-on options such as Google, Microsoft, or Apple, which incorporate 2FA. He cautioned that as chatbots receive more data, they become increasingly attractive targets for threat actors.

Users are therefore advised to exercise caution when entering information into chatbots and other cloud-based services.

By prioritizing security measures and making informed choices, users can protect their valuable information from falling into the wrong hands.