If you’ve used ChatGPT this year, there’s a chance your data could be on the dark web.
While many people have resorted to using ChatGPT to make their work easier, what most of them don’t realise is that everything they discuss with the chatbot is stored by default, making it a prime target for hackers.
Over the past year, 101,134 accounts using ChatGPT have been compromised using information-stealing malware, according to a new report by Group-IB, a Singapore-based cybersecurity firm.
Many of the stolen account credentials have been traded over illicit dark web marketplaces, the report said.
The number of hacked accounts posted on the dark web peaked in May with 26,802 compromised credentials. The Asia-Pacific region was the most badly hit, followed by the Middle East and Africa.
Europe followed on the list of hacked devices with ChatGPT credentials between June 2022 and May 2023.
The majority of logs containing ChatGPT accounts were found to have been breached by malware called ‘Raccoon info stealer’.
Unauthorised access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.
‘People may not realise that their ChatGPT accounts could in fact hold a great amount of sensitive information that is sought after by cybercriminals,’ said Jake Moore, cyber security advisor at cybersecurity firm ESET.
‘It stores all input requests by default and can be viewed by those with access to the account.’
According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities.
What is Raccoon info stealer?
Raccoon info stealer (AKA Racealer) is a simple but popular, effective, and inexpensive Malware-as-a-Service (MaaS) sold on dark web forums.
Logs containing compromised information harvested by info stealers, such as the IP address of the compromised host, are actively traded on dark web marketplaces.
Info stealers are a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history and other information from browsers installed on infected computers, and then sends all this data to the malware operator.
Stealers can also collect data from instant messengers and emails, along with detailed information about the victim’s device. They work non-selectively and infect as many computers as possible through phishing or other means to collect as much data as possible.
Info stealers focus on stealing digital assets stored on a compromised system, looking for essential information such as cryptocurrency wallet records, access credentials and passwords, as well as saved browser logins.
‘It might be a wise idea to therefore disable the chat saving feature [on ChatGPT] unless absolutely necessary,’ said Moore.
‘The more data that chatbots are fed, the more they will be attractive to threat actors, so it is also advised to think carefully about what information you input into cloud based chatbots and other services.’
How to stay safe while using ChatGPT
To mitigate the risks associated with compromised ChatGPT accounts, users have been advised to update their passwords regularly and implement two-factor authentication (2FA).
With 2FA, users are required to provide an additional verification code, typically sent to their mobile devices, before accessing their ChatGPT accounts.
Another precaution is to switch off ‘Chat History & Training’ in ChatGPT’s settings.