India has experienced the highest number of ChatGPT account breaches, with over 12,000 accounts being hacked. Cybersecurity firm, Group-IB discovered that since the worldwide launch of the generative AI chatbot, over one lakh ChatGPT credentials have been made available on dark web marketplaces. India and Pakistan are the leaders in reported breaches, with 12,632 and 9,217 hacked accounts, respectively. Millions of users globally signed up to test the super intelligence capabilities of the chatbot, but a portion of these accounts’ credentials were leaked to the dark web. The report reveals that the Asia Pacific had the highest number of ChatGPT accounts stolen by information stealers, with 40.5% of accounts being hacked between June 2022 and May 2023. Europe came in third, with 16,951 instances, while the Middle East and Africa were second with 24,925 accounts.
Group-IB’s threat intelligence platform found the compromised credentials through info stealing malware that was traded on dark web marketplaces in the last year. The company’s research implies that the majority of the ChatGPT credentials up for sale on the dark web belonged to the Asia Pacific. Information stealers are a type of malware that target account data stored on applications such as email clients, web browsers, instant messengers, gaming services and cryptocurrency wallets. The data and credentials stolen by the malware are packaged into archives known as logs and sent back to attackers’ servers for retrieval.
Experts are still unsure as to why India reported the highest number of attacks, although recent reports indicate that India is moving up the rankings regarding cybersecurity breaches. Surfshark, a VPN firm, published a report which placed India as the sixth highest country for cybersecurity breaches.
The ChatGPT breach carries considerable concerns, as accessing a user’s account can reveal proprietary information, internal business strategies, personal communications, software code, and other sensitive data. While it is unclear why India has seen the greatest number of account breaches, it highlights the need for widespread improvement in cybersecurity practices to combat increasing cyber threats.