OpenAI has hit back after more than 100,000 user accounts were leaked on the dark web, with more expected to come.
A representative from the company behind the highly popular AI writer ChatGPT told Tom’s Hardware that it employs industry-standard security practices, and that the leak is “the result of commodity malware on people’s devices and not an OpenAI breach.”
They added that, “We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”
Racoon, Vidar, RedLine
Cybersecurity firm Group-IB detailed the leak in its Threat Intelligence report, finding that the stolen credentials belonged to users who logged into ChatGPT at any point between June 2022 and May 2023, with more predicated to leak from this and following months too.
Group-IB also added that logs from May contained the highest number of compromised ChatGPT accounts, and that the Asia-Pacific region has the highest concentration of credentials up for sale.
Additional information in the logs that contained the ChatGPT accounts include lists of domains visited and the IP addresses of the users.
Most of the leaked credentials were found within logs that were breached using various related info stealers, one of which being the infamous Racoon, which was used to compromise 78,348 accounts.
Racoon is particularly dangerous due to its popularity and ease of use. Threat actors can pay a subscription to use it, and there are no real technical skills required to use it. Like other info stealers, Racoon also comes with other dangerous capabilities that allow cybercriminals to launch subsequent attacks automatically.
Vidar malware was also used to steal ChatGPT accounts, although it was responsible for far less than Racoon, only used to access 12,984 accounts. RedLine malware followed with 6,773 accounts falling to its ways.
Access to the logs also means that bad actors have access to your conversation history with the chatbot too, which could be especially damaging if you are using it at work and sharing trade secrets with it.
