OpenAI has retaliated after over 100,000 user accounts were leaked to the dark web, with more expected.
A representative of the company behind the hugely popular AI writer ChatGPT told Tom’s Hardware that it uses industry-standard security practices and that the leak was “the result of commodity malware on users’ devices and not a violation of OpenAI”.
They added: “We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to access services such as ChatGPT, and we encourage our users to use strong passwords and only install verified and trusted software on computers personal.
Racoon, Vidar, RedLine
Cybersecurity firm Group-IB detailed the leak in its Threat Intelligence report, finding that the stolen credentials belonged to users who logged into ChatGPT anytime between June 2022 and May 2023, along with other leaks. from this month and the following months as well.
Group-IB also added that the May logs had the highest number of compromised ChatGPT accounts and that the Asia-Pacific region has the highest concentration of credentials for sale.
Additional information in the logs containing ChatGPT accounts includes lists of domains visited and user IP addresses.
Most of the leaked credentials were found in logs that were hacked using various related info thieves, one of which is the infamous Racoon, who was used to compromise 78,348 accounts.
Racoon is particularly dangerous due to its popularity and ease of use. Threat actors can pay a subscription to use it, and no real technical skills are required to use it. Like other information stealers, Racoon also comes with other dangerous features that allow cyber criminals to launch further attacks automatically.
The Vidar malware was also used to steal ChatGPT accounts, although it was responsible for far fewer than Racoon, which was only used to access 12,984 accounts. RedLine malware followed with 6,773 accounts down.
Access to logs also means that bad actors also have access to your conversation history with the chatbot, which could be particularly damaging if you use it at work and share trade secrets with it.
OpenAI Says It’s Your Fault Your ChatGPT Account Was Hacked
- Bless This TV Series’ Beautiful, Bonkers Twists
- Fraudulent Forms Frenzy: Michigan Officials Seek FBI Help in 2020 Voter Registration Investigation | Wayne Dupree
- Keith Thompson Bio, Wiki, Age, Wife, WWMT-TV, and Net Worth
- Body Language Expert Notices Meghan Markle Become ‘Nervous’ When She Wasn’t Getting Prince Harry’s Full Attention and Had to ‘Take a Backseat’
- The Project stars poke fun at their own network after sharing footage of a woman snubbing a Channel 10 reporter ‘because they’re not from Channel Seven’