technology

Have you been using ChatGPT? Your details could be on the dark web


Europe was third on the list of hacked devices with ChatGPT credentials between June 2022 and May 2023 (Picture: AFP)

If you’ve used ChatGPT this year, there’s a chance your data could be on the dark web.

While many people have resorted to using ChatGPT to make their work easier, what most of them don’t realise is that everything they discuss with the chatbot is stored by default, making it a prime target for hackers.

Over the past year, 101,134 accounts using ChatGPT have been compromised using information-stealing malware, according to a new report by Group-IB, a Singapore-based cybersecurity firm.

Many of the stolen account credentials have been traded over illicit dark web marketplaces, the report said.

The number of hacked accounts posted on the dark web peaked in May with 26,802 compromised credentials. The Asia-Pacific region was the most badly hit, followed by the Middle East and Africa.

Europe followed on the list of hacked devices with ChatGPT credentials between June 2022 and May 2023.

Be careful what you tell ChatGPT (Picture: Getty Images)

The majority of logs containing ChatGPT accounts were found to have been hacked by a malware called ‘Raccoon info stealer’.

Unauthorised access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.

‘People may not realise that their ChatGPT accounts could in fact hold a great amount of sensitive information that is sought after by cybercriminals,’ said Jake Moore, cyber security advisor at cybersecurity firm ESET.

‘It stores all input requests by default and can be viewed by those with access to the account.’

According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities.

Logs containing compromised information harvested by info stealers such as the IP address of the compromised host are actively traded on dark web marketplaces.

Info stealers are a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history and other information from browsers installed on infected computers, and then sends all this data to the malware operator.

Stealers can also collect data from instant messengers and emails, along with detailed information about the victim’s device. They work non-selectively and infect as many computers as possible through phishing or other means to collect as much data as possible.

Info stealers focus on stealing digital assets stored on a compromised system looking for essential information such as cryptocurrency wallet records, access credentials and passwords as well as saved browser logins.

‘It might be a wise idea to therefore disable the chat saving feature [on ChatGPT] unless absolutely necessary,’ said Moore.

‘The more data that chatbots are fed, the more they will be attractive to threat actors, so it is also advised to think carefully about what information you input into cloud based chatbots and other services.’



How to stay safe while using ChatGPT


MORE : Hundreds attend ‘soulless’ church service generated by ChatGPT


MORE : Hackers use Royal Family’s website to promote thousands of links to porn and casinos





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.