Over 100,000 users of the AI chatbot, ChatGPT, have potentially fallen victim to scams or hacks, with India becoming the most affected nation, revealed by Group-IB, a Singaporean cybersecurity company. The firm’s investigation identified that 101,134 machines have had their stored ChatGPT credentials compromised, which can lead to phishing attempts. The data of users’ email addresses, passwords, and phone numbers were exposed, even if the hijacked ChatGPT accounts don’t reveal financial information. The report also shows that hacked credentials are being traded on dark web markets. Consequently, malicious hackers can gain access to sensitive information through compromised ChatGPT accounts to use it in subsequent assaults on the targeted organization and its personnel.
The cybercriminals employing info-stealing malware to obtain users’ passwords have used malware intending to steal login passwords saved in browsers, credit card details, cryptocurrency wallet information, cookies, and browsing history. Users in Asia and the Pacific are the most affected by cybercrime, with nearly 40.5% of these user accounts being impacted, according to the study. The number of hacked ChatGPT accounts in India is 12632, making it the worst affected. Pakistan comes second with 9,217 hacked ChatGPT accounts. Meanwhile, ChatGPT users in Brazil, Vietnam, and Egypt were among the most affected by the hacking.
Although ChatGPT credentials may not expose financial information, hackers may gain access to past conversations with the AI chatbot. Chat GPT saves the history of user inquiries and AI replies by default. The report states that malicious actors may obtain critical information through compromised ChatGPT accounts and use it in subsequent assaults on the targeted organization and its personnel.
As a result, users must be cautious while using the AI chatbot, which might often include clicking on suspicious links or installing infected software. Therefore, ChatGPT users must conduct the necessary safety measures to protect themselves from unwanted cybercrimes, reducing the chances of falling victim to these acts.
