Cybersecurity firm Group-IB has identified a potential leak of over 100,000 ChatGPT account credentials on the dark web. The compromised data reportedly belongs to users who logged in between June 2022 and May 2023, suggesting an ongoing issue.
The leak affects users across various regions, with the highest concentrations in the U.S., France, Morocco, Indonesia, Pakistan, and Brazil. While the exact cause remains unclear, experts suggest it might be a collection of compromised accounts rather than a targeted attack on ChatGPT itself.
“The number of available logs containing compromised ChatGPT accounts peaked in May 2023,” said a Group-IB specialist. “The Asia-Pacific region has seen the most significant number of compromised credentials offered for sale.”
The leaked data appears to be part of logs containing information harvested by malware families specialising in stealing user credentials. A particularly prominent info-stealer called Raccoon is suspected of being responsible for compromising over 78,000 accounts.
Experts warn that the ease of access to powerful info-stealing tools like Raccoon is contributing to a rise in cybercrime incidents. These stolen credentials grant access not only to personal information but also to potentially sensitive content stored within ChatGPT chats.
“Business plans, app development secrets, malware development discussions, and even personal diaries could be exposed,” the report states. “ChatGPT accounts can contain a wealth of sensitive information, making them a prime target for attackers.”
This incident highlights the importance of strong password hygiene and cybersecurity best practices. Users are urged to be cautious about installing plugins, utilize strong and unique passwords, enable two-factor authentication (2FA) for added security, and remain vigilant against potential phishing attempts.