Over 100,000 ChatGPT users could be at risk of fraud and cyberattacks, according to a recent report by Singapore-based cybersecurity firm Group-IB. Hackers have breached 1,01,134 devices with saved ChatGPT credentials, and compromised credentials have been sold on dark web marketplaces over the last year. While compromised ChatGPT accounts may not reveal critical bank information, user information such as email, passwords, and phone numbers could still be vulnerable to phishing attacks.
The report also revealed that India tops the list of the most compromised ChatGPT accounts, with 12,632 accounts affected. The Asia-Pacific region is the most affected by cyber attacks, with nearly 40.5% of users affected by the breach. Pakistan is next, with 9,217 compromised accounts. Globally, ChatGPT users in Brazil, Vietnam, and Egypt have been widely affected by the breach.
Hackers used info-stealing malware to steal users’ credentials, according to Group-IB. The post highlights that info-stealing malware collects browser credentials, bank card details, crypto wallet information, cookies, browsing history, and other information from infected devices. Users may unknowingly download the malware by clicking on suspect links or downloading malware-infected software.
Group-IB warns that hackers can access saved chats with the AI chatbot, revealing confidential or sensitive information that can be exploited for targeted attacks against companies and their employees. Similarly, compromised accounts may also reveal user passwords, which is a cause for concern. Password reuse is also a concern, as users tend to reuse passwords across multiple sites. Therefore, if a user’s ChatGPT account credentials are compromised, it’s possible that other accounts may be at risk if users reused their ChatGPT password elsewhere.
To mitigate these risks, Group-IB advises ChatGPT users to update their account passwords. If the same password is used for other platforms such as Gmail or Facebook, it’s advisable to enable two-factor authentication (2FA) to add an extra layer of security. It is also recommended not to download applications from untrusted developers and avoid clicking on suspicious web links. Being mindful of these security measures can help prevent fraud and cyberattacks.
