• Sat. Apr 13th, 2024

100k+ ChatGPT Logins Exposed

Avatar photo

ByHarper Stewart

Jul 18, 2023
100k+ ChatGPT Logins Exposed
Harper Stewart
Latest posts by Harper Stewart (see all)

Recently, it was discovered that more than 101,000 malware-infected PCs had ChatGPT login credentials that came from the infamous Racoon Infostealer. With a substantial fraction coming from Asia, the Darknet marketplaces have developed into a hub for the sale of these hacked accounts.

ChatGPT Logins Exposed: Info-Stealer Malware Jeopardizes Data Security

By finding and decoding saved login credentials in online browsers, a clever MaaS called Racoon Infostealer gathers data. Cybercriminals place a high value on the retrieved data from ChatGPT sessions, which frequently contains private and sensitive information. The security of financial information is jeopardized and opportunities are opened for future extortion.

Technological giants Google and Samsung have taken preemptive measures by forbidding software engineers from adding code to ChatGPT in order to reduce the danger of company data breach and weaknesses in private codebases.

The detection of ChatGPT credentials in information-stealing malware has witnessed a surge, reflecting the increasing popularity of the software. Group-IB, which first identified this trend in June 2022, reports a significant rise in detections, with Vidar and Redline MaaS products also found to contain ChatGPT credentials alongside Racoon Infostealer.

Here’s what Dmitry Shestakov, Head of Threat Intelligence at Group-IB, said:

“Numerous organizations have seamlessly incorporated ChatGPT into their workflow. Whether employees engage in confidential communications or leverage the bot to enhance proprietary code, it’s important to note that ChatGPT’s default settings retain complete conversation logs.”

This inadvertently poses a significant risk, as compromised account credentials could potentially provide threat actors with a treasure trove of sensitive intelligence.

Ukrainian national Mark Sokolovsky, the alleged mastermind behind Racoon Infostealer, faced legal consequences following his arrest in the Netherlands. An October 2022 US federal indictment revealed Sokolovsky’s involvement, highlighting his monthly payments of $200 in cryptocurrencies to license access to the virus. He now faces three counts of conspiracy, potentially leading to a maximum penalty of 20 years.

Avatar photo

Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.