Compromised ChatGPT accounts are for sale on dark web


Over 100,000 ChatGPT credentials are currently being traded on the dark market. Given that employees increasingly rely on AI to boost productivity, the compromised credentials could lead threat actors to a treasure trove of data.

15% of employees regularly post company data into ChatGPT, and a quarter of that data is sensitive. Workers paste internal business data, source code, regulated personally identifiable information, and customer data.

No wonder experts are sounding the alarm bells. In the wrong hands, this could lead to serious repercussions for businesses and individuals, from reputational damage to significant financial loss.

A new report by cybersecurity company Group-IB illustrates that it’s relatively easy for threat actors to gain access to the data. Over the past year, experts found over 100,000 compromised credentials within the logs of info-stealing malware traded on illicit dark web marketplaces.


Computers are often infected with info-stealers via phishing campaigns. As its name suggests, this type of malware collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history, and other information.

“Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT's standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials,” said Dmitry Shestakov, Head of Threat Intelligence at Group-IB.

Recognizing the risk, some companies, such as Samsung, have banned the use of ChatGPT and other generative AI tools.

Yet it seems there’s no stopping workers’ love for ChatGPT. A recent GitHub survey revealed that a whopping 92% of developers use AI in an attempt to prevent burnout and increase productivity.

To protect your credentials, we recommend updating your passwords regularly and implementing two-factor authentication (2FA). With 2FA enabled, you’ll at least get a notification on your device alerting you that someone is trying to access your ChatGPT account.