More than 100,000 ChatGPT account credentials have been leaked, according to a report by the Singapore-based cybersecurity company Group-IB. With user credentials finding their way to the dark web, the chat history – often containing personal info – of thousands of ChatGPT users is now publicly accessible.
The majority of the 100,000 users belong to India, with reports revealing more than 12,000 stolen credentials traced back to the South Asian country. Other countries that bore the brunt of this breach include Pakistan, Bangladesh, Brazil, the USA, Indonesia, and Vietnam. While this cyberattack indicates lackluster security measures on behalf of OpenAI, it also highlights the vast majority of the global population adopting this AI-powered chatbot.
Sounding the alarm bells, Group-IB has claimed that the availability of leaked accounts on the dark web means that most of the exposed user credentials have already found their way to the buyers, most possibly having malicious intent. In an ever more damning claim, Group-IB said that information such as IP addresses and lists of domains, apart from user credentials, is now available on dark web.
As per the initial reports, perpetrators used a special type of malware known as “Info Stealer” to loot users’ personal information. Info stealers have gained immense popularity owing to their ability to steal information from browsers as well as crypto wallets secretly.
It is pertinent to mention that this is not the first security breach involving ChatGPT. Not long ago, an undetected bug in ChatGPT’s code exposed some users’ chat history as other users could see that conversation. Soon after the defect became public, OpenAI momentarily removed the chat history feature. Since then, the voices demanding that OpenAI enhances its security features have become louder.
