ChatGPT Users Hacked: Credentials Sold on Dark Web

According to Group-IB, between January and October 2023, the darknet saw the sale of over 225,000 logs containing compromised user credentials for ChatGPT. These credentials were found in the logs of info-stealers such as LummaC2, Raccoon, and RedLine.

Group-IB observed a slight decrease in infected devices in mid and late summer, but a significant increase between August and September. From June to October 2023, more than 130,000 unique hosts with access to ChatGPT were infected, a 36% increase compared to the first five months of 2023. The distribution among the three primary malware families is as follows:

  • LummaC2 – 70,484 hosts;
  • Raccoon – 22,468 hosts;
  • RedLine – 15,970 hosts.

The rise in the number of ChatGPT credentials available for sale is linked to the overall increase in the number of infected hosts, whose data is subsequently sold on the darknet.

Group-IB notes that cybercriminals might exploit language models to devise new cyberattack methodologies, craft convincing phishing emails, and enhance operational efficiency. This technology could also accelerate reconnaissance, facilitate the use of hacking tools, and make fraudulent automated calls more effective.

Malicious actors have traditionally been interested in corporate devices and in access that lets them move through networks. Now, hackers are also focusing on devices with access to public AI systems. Such tactics provide access to logs of communication between employees and those systems, which can be searched for confidential information, details about internal infrastructure, authentication data, and application source code.