More than 100,000 login credentials for OpenAI’s ChatGPT artificial intelligence chatbot have been leaked to the dark web, according to a report this week from Group-IB, a cybersecurity firm based in Singapore.
Group-IB wrote that credential theft began in June 2022 but peaked with 26,802 stolen logins in May 2023. The theft, the report said, was orchestrated by the Raccoon Infostealer malware, which victims downloaded after received a phishing email.
Once infected, the malware collects login credentials, history, and cookies stored in web browsers. Group-IB said it could also include crypto wallet information. According to blockchain analytics firm Chainalysis, more than $3 billion in cryptocurrency was stolen in 2022 alone.
One of the most common forms of cyberattacks, phishing attacks, comes in the form of email, text messages, or social media messages and involves sending fraudulent communications such as texts and social media messages that appear to be from in a reputable source.
“This type of malware affects as many computers as possible through phishing or other means to collect as much data as possible,” wrote Group-IB in a press release co-authored by ChatGPT . “Information thieves have emerged as a major source of compromised personal data due to their simplicity and effectiveness.”
In its report, Group-IB wrote that most of the stolen ChatGPT credentials, about 41,000 of them, came from the Asia-Pacific region. Group-IB recommends users to update their passwords and use two-factor authentication on their accounts.
Earlier this month, OpenAI pledged $1 million to AI cybersecurity initiatives.
In October 2022, the US Attorney’s Office for the Western District of Texas unsealed indictments from the Department of Justice against Mark Sokolovsky for his alleged role in Raccoon Infostealer, which the agency called an international cybercrime operation. .
The software is offered as “malware-as-a-service” (MaaS), which allows users to rent access to restricted tools for a monthly fee.
According to DOJ documents, Sokolovsky was charged with one count of conspiracy to commit computer fraud; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft.
The Amsterdam District Court authorized Sokolovsky’s extradition to the United States for trial on September 13, 2022. If convicted, Sokolovsky faces up to 20 years in federal prison.
OpenAI, Group-IB, and the US Department of Justice have yet to respond Decrypts request for comment.
