The dark web has seen a sharp increase in discussions and trades related to OpenAI’s ChatGPT since March 2021. Cybercriminals have taken to the dark web to trade expensive premium accounts, checkers, and brute-forcing tools in order to bypass the platform’s geofencing restrictions, according to a research by Check Point.
Premium accountholders gain unrestricted access to the ChatGPT features, including the ability to bypass geographical restrictions. Some criminals also give out stolen credential information or offer a service to open premium accounts with stolen payment cards.
Check Point research also identified cybercriminals sharing a configuration file for SilverBullet, which enables automated online checks of accounts. Furthermore, “gpt4” has begun selling access to stolen credentials, in addition to providing tools for automated credential stuffing and account hacking.
More recently, an English-speaking cybercriminal revealed a service for lifetime upgrades to ChatGPT Plus through their personal account. On their offer, a buyer can pay $59.99 for a lifetime upgrade, or alternatively, opt for a shared access option that comes with a price tag of just $24.99.
Using a stolen premium account, cybercriminals have the potential to uncover a user’s personal information, including queries made on the platform. The theft is made worse by the fact that ChatGPT was affected by a bug in its Redis client library, which resulted in a data leak and exposed details of 1.2% of its customers.
OpenAI, the company behind ChatGPT, has been issued warnings in both Germany and Italy for noncompliance with data security regulations. The company recently launched a bug bounty program to involve the global cybersecurity community and to address the issue of its AI vulnerabilities.
OpenAI is a technology company specializing in AI development, founded by Microsoft and other leading tech players from the industry in late 2015. It has since been actively developing its AI systems, and has recently been under fire for alleged privacy violations in regards to ChatGPT. The company is currently transitioning to a new, ethically-oriented, non-profit structure, which is supposed to help OpenAI further focus on its mission to generate ethical advancements in the area of artificial intelligence.
The individual mentioned in this article is “gpt4,” an English speaking cybercriminal that has started advertising a ChatGPT Plus lifetime account, promising a 100% satisfaction guarantee. Gpt4 is known for offering various tools that can be used to automate credential stuffing and account hacking, enabling cybercriminals to access stolen ChatGPT accounts.
