ChatGPT has been struck by a large-scale account compromise, raising concerns for its millions of users worldwide. A recent report by Group-IB, a leading cybersecurity firm headquartered in Singapore, revealed a disturbing trend – over 100,000 stolen login credentials for ChatGPT accounts surfaced on dark web marketplaces between June 2022 and May 2023.
This security breach highlights the vulnerability of user accounts on popular online platforms. Group-IB’s investigation traced the compromised accounts back to devices infected with information-stealing malware. This malicious software operates silently in the background, specifically targeting valuable data stored on user devices. Passwords, browsing history, and even sensitive financial information like bank card details or crypto wallet information are all within reach for these information stealers. The malware can also infiltrate other applications, such as instant messaging apps and email clients, further expanding the potential scope of the data breach.
The report also sheds light on the geographical distribution of the compromised accounts. The Asia Pacific region emerged as the most affected, accounting for over 40% of the total incidents recorded during the investigated period. Within this region, India bore the brunt of the attack, with a staggering 12,632 compromised accounts. Pakistan wasn’t far behind, with over 9,200 accounts compromised. While the number of affected users in other regions was lower, the report still identified compromised accounts in the Middle East and Africa, Europe, and even Bangladesh.
To safeguard user accounts and minimize the risks associated with this large-scale compromise, Group-IB urges all ChatGPT users to take immediate action. Regularly updating passwords and enabling two-factor authentication (2FA) are crucial steps in fortifying account security. 2FA adds an extra layer of protection by requiring a secondary verification code, typically sent to a user’s mobile device, before granting access to the account. By implementing these simple measures, users can significantly reduce the risk of unauthorized access to their ChatGPT accounts.
