According to Singapore’s cybersecurity company and Group-IB, over 100,000 OpenAI ChatGPT account login credentials have been compromised and appeared on dark web forums between June 2022 and May 2023.
Notably, the Asia-Pacific region had the highest number of compromised login credentials for the past year, accounting for approximately 40%. Among them, India alone had 12,632 stolen login credentials. Additionally, other countries with a significant number of compromised ChatGPT login credentials include Pakistan, Brazil, Vietnam, Egypt, United States, France, Morocco, Indonesia, and Bangladesh.
The investigation results revealed that a majority of the ChatGPT account logs were compromised by well-known information-stealing malware such as Raccoon, followed by Vidar and RedLine.
In fact, ChatGPT accounts can be created directly through OpenAI. Additionally, users have the option to sign in and use the service using their Google, Microsoft, or Apple accounts. This makes it easier for cybercriminals to utilize information-stealing tools to compromise passwords, cookies, credit card details, and other information from browsers and electronic wallet utilities.
To mitigate risks, users should adhere to appropriate password management practices and protect their accounts with two-factor authentication (2FA) to prevent account takeover attacks.