Over 100,000 login credentials for OpenAI’s AI-powered chatbot ChatGPT have been stolen and leaked onto the dark web.

According to a report from Singapore-based cybersecurity firm Group-IB, the credentials were taken using the Raccoon Infostealer malware, which is activated when a potential victim clicks on a phishing email or receives fraudulent communications on social media or via text messages.

Once infected, the malware collects important login credentials, history, cookies, and even cryptocurrency wallet information from web browsers.

The report detailed that between June 2022 and May 2023, more than 101,000 devices containing compromised logins for the popular AI-powered chatbot were discovered on dark web marketplaces.

The majority of the 41,000 stolen credentials belonged to users from the Asia-Pacific region.

Experts have described the Raccoon Infostealer malware as one of the most common forms of cyberattacks in use at present.

Due to their simplicity and effectiveness, they have become a major source of personal data for those looking to profit from stolen information.

“This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible,” Group-IB wrote in a press release co-authored with ChatGPT.

“Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness.”

OpenAI is Not to Blame For the Leak of User Credentials

Shestakov said it appears that accounts ChatGPT employing a “direct authentication method” were mostly exploited.

However, he claimed OpenAI is not to blame for the exploited logins.

“The identified logs containing saved ChatGPT credentials is not a result of any weaknesses of ChatGPT’s infrastructure,” he reportedly said.

The research also warned that the surge in the use of ChatGPT for work poses a significant threat to confidential information about companies because user queries and chat history are stored by default.

The confidential information can then be utilized by cybercriminals to undertake attacks against firms or individual employees.

“Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees,” the report said.

The figures revealed in the report showed that in May of this year, cybercriminals sold nearly 27,000 ChatGPT logins that they had stolen online.

Group-IB advises ChatGPT users to regularly update their passwords and to use two-factor authentication on their accounts to add an extra layer of security.

Samsung Bans Generative AI After Internal Data Leak

Last month, Samsung announced a temporary ban on the use of generative AI tools like ChatGPT on company-owned devices after some staff allegedly uploaded sensitive data on ChatGPT.

The ban covers all generative AI tools like ChatGPT and Google Bard as well as platforms like Microsoft Bing which uses ChatGPT.

According to data accumulated by Statista, between April 9 to 15 this year, 319 cases of sensitive data leaking on ChatGPT were spotted per each 100,000 employees.

The figure had increased by around 60% compared to an observation between February and March 2023.

The second-most common type of confidential data shared on ChatGPT was source code, with 278 cases per 100,000 employees.

Image Source: Statista

Over similar concerns, China’s payment & clearing industry association has warned against uploading confidential documents to OpenAI’s ChatGPT and other AI tools, citing risks such as “cross-border data leaks.”

The association, governed by China’s central bank, cautioned payment industry staff to avoid uploading data concerning the country, the financial industry, and their companies, including customer information and codes in the payment and settlement infrastructure into AI chatbots.

Read More:

What's the Best Crypto to Buy Now?

  • B2C Listed the Top Rated Cryptocurrencies for 2023
  • Get Early Access to Presales & Private Sales
  • KYC Verified & Audited, Public Teams
  • Most Voted for Tokens on CoinSniper
  • Upcoming Listings on Exchanges, NFT Drops