A cyber intelligence company has reported that over 100,000 ChatGPT user accounts have been attacked by dangerous AI-powered malware in the past year. Information-stealing logs from compromised ChatGPT accounts were found on various underground websites between June 2022 and May 2023. Cybercrime firm Group-IB discovered that the number of stealer logs consistently increased during this period, with a peak in May 2023 where hackers posted over 26,800 new ChatGPT credential pairs. The malware targets account data on applications such as email clients, web browsers, and instant messengers.
The Asia-Pacific region was the most targeted, with nearly 41,000 compromised accounts using the AI system during the observed period. Europe had around 17,000 compromised ChatGPT accounts, while North America had 4,700. Criminals can use the stolen credentials to access confidential information on important business strategies, personal conversations, and software codes.
Many companies integrate ChatGPT into their operational flow, allowing employees to enter classified correspondence or use the bot to optimize proprietary codes. However, this can inadvertently offer a trove of sensitive intelligence to terrorists if they obtain the credentials. Tech giants like Samsung have reportedly banned staff from using ChatGPT on work computers due to concerns about the security of the AI-powered tool.
Cybersecurity experts recommend disabling the chat-saving feature in the platform’s settings menu or manually deleting the conversations to avoid compromising sensitive information. However, info stealers could still screenshot infected systems or perform keylogging to cause a data leak, even if users take the necessary precautions. Experts advise anyone working with extremely sensitive information to input it only on secured locally-built and self-hosted tools, rather than cloud-based services.
In summary, it is important for ChatGPT users to be cautious and mindful about these security concerns. They must take the necessary steps to protect their sensitive information and be aware of the risks posed by the AI-powered malware.
