A recent report by cybersecurity firm Group-IB has revealed that over 100,000 ChatGPT accounts have been hacked and are now available for sale on the dark web. ChatGPT is the platform that many businesses integrate generative AI solutions with to streamline their operations. However, sensitive company data is being disclosed into these AI bots, leading to the theft of corporations’ intellectual property and data breaches.
Hackers utilize phishing campaigns to steal sensitive user information such as credentials saved in browsers, bank card details, cookies, browsing history, crypto wallet data, etc. Once they have access, they can eavesdrop on classified correspondences or proprietary codes to obtain sensitive intelligence.
The number of available logs and jeopardized ChatGPT accounts hit an all-time high in May 2023, with over 26,802 stolen login credentials. This is a significant increase compared to June 2022, when only 74 stealer logs were recorded. The report also showed that the Asia-Pacific region had the highest concentration of ChatGPT credentials being offered for sale on the dark web.
These findings have spurred Group-IB to warn companies of the serious danger posed by sharing sensitive information in an unsecured bot. Inadvertent disclosure of crucial information to threat actors can lead to an organization’s severe consequences, including financial loss, loss of reputation, and lawsuits.
This news underscores the importance of businesses’ cyber safety measures and the need for employees to maintain vigilance when sharing data online. It is recommended that organizations employ two-factor authentication and train employees in phishing awareness, among other precautions. By doing so, corporations can mitigate the damage caused by data breaches and protect their intellectual property.
