Title: Thousands of OpenAI Credentials for Sale on Dark Web, Raising Concerns of Data Breaches
The interest in artificial intelligence tools on the dark web has surged as cybercriminals seek to obtain users’ sensitive data, according to experts. Flare, a threat exposure management company, has discovered over 200,000 OpenAI credentials available for purchase on the dark web. With the potential to unlock confidential company information and personal data, these credentials pose a significant risk.
The exposure of these credentials is attributed to info-stealing malware, which likely contains additional information never intended to be accessed by unauthorized individuals. While the number of compromised credentials is relatively small compared to the estimated 100 million ChatGPT users, it marks a substantial increase from the approximately 101,000 credentials identified within the logs of info-stealing malware in June.
Furthermore, an alternative malicious version of ChatGPT, trained using malware data, has gained popularity. This artificial intelligence chatbot is capable of generating convincing-looking attacks that threat actors can employ to deceive victims via emails, advertisements, or web pages with only a few simple prompts.
Responding to previous instances of dark web-hosted credentials, OpenAI stated that it maintains industry-leading practices for authenticating and authorizing users to services like ChatGPT. They also encourage users to adopt strong passwords and install verified and trusted software on their personal computers.
Rather than stemming from a flaw in OpenAI’s system, victims see their credentials exposed due to info-stealing malware, which could originate from various entry points, including fake ads and scam emails designed to install malware on users’ devices.
Flare advises those who believe they may be at risk to regularly monitor the dark web and utilize up-to-date endpoint protection software, many of which have recently incorporated AI enhancements for improved detection. It is also crucial for companies to practice good internet hygiene and provide periodic staff training updates.
In conclusion, the sale of OpenAI credentials on the dark web has raised concerns about potential data breaches. The adoption of info-stealing malware puts businesses at risk of unauthorized access to confidential information and personal data. Proactive measures such as dark web monitoring, endpoint protection software, and staff training are essential in mitigating these risks and maintaining online security.
