Account information from Chat GPT found on the Darknet
Kaspersky's cybersecurity experts have discovered thousands of stolen credentials for popular AI tools such as ChatGPT, Grammarly and Canva on the darknet. Cybercriminals can use infostealers to obtain user credentials and offer them for sale on the darknet.
Chat GPT's AI tools are becoming increasingly popular, not only among private individuals but also in companies. The practical benefits of AI-supported office work are becoming increasingly apparent. However, AI services for image processing and translation as well as chatbots are also an attractive target for cybercriminals, as an analysis by Kaspersky experts shows. According to a recent analysis, the number of compromised account information for the services of chatGPT developer OpenAI increased more than thirtyfold compared to 2022.
ChatGPT a popular target for data thieves
Specifically, stolen logins for the services of ChatGPT developer OpenAI jumped to around 664,000 in 2023 compared to the previous year, with a total of almost 688,000 in the study period from 2021 to 2023. After the launch of the fourth version of ChatGPT in March 2023, the demand for corresponding accounts was particularly high, since then it has matched that of other AI services. In addition, around 1.2 million Canva user credentials were stolen in the three years and distributed on darknet forums and Telegram channels. Grammarly recorded around 839,000 compromised credentials in the same period.
"The compromised credentials come from Infostealer activity, a specific type of malware that steals user credentials for cyberattacks, darknet sales or other malicious activities. Infostealers can infect corporate devices via phishing emails or websites and public websites with malicious content, among others," explains Yuliya Novikova, Head of Kaspersky Digital Footprint Intelligence. "We expect the demand for ChatGPT accounts to continue. Effective enterprise security solutions that protect against Infostealer attacks and other malware are becoming increasingly important. For example, our software monitors compromised accounts on the darknet and notifies companies if users of their online services have been compromised."
Recommendations for risk minimization
Kaspersky's experts make various recommendations on how to minimize the risk in the event of data leaks:
- Continuously monitor the darknet for posts about data leaks. For this purpose, Kaspersky has developed a detailed guide created.
- The so-called. Kaspersky Digital Footprint Intelligence to gain an attacker's view of corporate resources and identify potential attack vectors.
- Use a unique password for each service to minimize the impact of account theft.
- In the event of a data leak to dedicated incident response services such as Kaspersky Incident Response Service to be able to act quickly and effectively and minimize the consequences. Such services help to identify compromised accounts and protect the infrastructure from similar attacks in the future.
Source and further information: Kaspersky