Over 100,000 login credentials for OpenAI’s ChatGPT artificial intelligence chatbot found their way onto the dark web, presenting a major concern for cybersecurity. This information was revealed by Singapore-based cybersecurity firm Group-IB in a report. Interestingly, the credential theft started in June 2022 but hit its peak in May 2023 with 26,802 stolen logins. The report identified the Raccoon Infostealer malware as the main culprit in the theft, which victims unknowingly downloaded following a phishing email.
Once a device is infected, the malware collects data such as login credentials, browser history, and cookies, potentially including crypto wallet information. According to Chainalysis, over $3 billion in cryptocurrency was stolen in 2022. Cybersecurity experts have recognized phishing attacks, which are rampant in email, text messages, and messages on social media, as one of the most common forms of cyberattacks. Often, they involve sending fraudulent communications designed to appear to come from a reputable source.
To make matters worse, malicious actors seem to be creating malware with a focus on wider reach in order to gather as much data as possible. Group-IB, in a press release co-authored with ChatGPT, highlighted the simplicity and effectiveness of info stealers, which have emerged as major sources of compromised personal data. In their report, Group-IB noted that the largest share of stolen ChatGPT credentials, amounting to about 41,000, were from the Asia-Pacific region.
While users are urged to employ measures such as updating their passwords and using two-factor authentication to protect their accounts, cybersecurity firms and related organizations are taking action. Recently, OpenAI committed $1 million towards AI cybersecurity initiatives.
In relation to the Raccoon Infostealer malware, the U.S. Department of Justice (DOJ) indicted Mark Sokolovsky for his alleged involvement in the internationally organized cybercrime operation. The indictment charges included conspiracy to commit computer fraud, wire fraud, money laundering, and aggravated identity theft. Sokolovsky’s extradition to the United States was granted by the Amsterdam District Court and, if convicted, he could face up to 20 years in federal prison.
As the digital world continues to grow, the inherent risk of cybercrimes poses a major challenge. Both individuals and organizations must take necessary security precautions and stay informed about potential threats. At the same time, authorities and cybersecurity firms are working diligently to combat these crimes and bring perpetrators to justice.
Source: Decrypt