ChatGPT credential theft: more than 100,000 cases in 2022-2023
Information stealers expose numerous OpenAI ChatGPT credentials on dark web markets, with India and Asia-Pacific particularly affected
Between June 2022 and May 2023, more than 101,100 compromised OpenAI ChatGPT credentials were found on illicit dark web marketplaces. India was particularly affected, accounting for 12,632 stolen credentials on its own. The credentials were traced to information stealer logs offered for sale in the cybercrime underground, Group-IB said in a report shared with The Hacker News.
Highest concentration of compromised credentials in the Asia-Pacific region
The number of available logs containing compromised ChatGPT credentials peaked at 26,802 in May 2023, the Singapore-based company reported. The Asia-Pacific region has seen the highest concentration of ChatGPT credentials offered for sale in the last year. Other countries with the highest number of compromised ChatGPT credentials include Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh.
Role of information stealers in credential theft
Further analysis revealed that the majority of logs containing ChatGPT accounts were breached by the notorious Raccoon information stealer (78,348), followed by Vidar (12,984) and RedLine (6,773). Information stealers have become popular among cybercriminals for their ability to hijack passwords, cookies, credit cards and other information from browsers and cryptocurrency wallet extensions. “Logs containing compromised information gathered by information thieves are actively traded on dark web marketplaces,” Group-IB said.
Risk mitigation measures and ongoing attacks
To mitigate these risks, users are advised to follow proper password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks. The disclosure coincides with an ongoing malware campaign that uses fake OnlyFans pages and adult content lures to distribute a remote access trojan and information stealer called DCRat (or DarkCrystal RAT), a modified version of AsyncRAT. “In the observed examples, victims were tricked into downloading ZIP files containing a VBScript loader that is run manually,” eSentire researchers said, noting that the activity has been ongoing since January 2023.
06/21/2023 07:00
Editorial AI