
Singapore-based cybersecurity firm Group IB reported that between June 2022 and May 2023, more than 101,000 ChatGPT account credentials were stolen by hackers.
More than 75% of these credentials were stolen using the Raccoon Infostealer malware. Raccoon Infostealer, also known as Racealer, is a Malware-as-a-Service (MaaS) sold on the dark web. (MaaS is a twin brother of RaaS. For exciting information on RaaS, check out Ransomware-as-a-Service.) Raccoon Infostealer is usually embedded in a link and sent via email or other social engineering means. Once users unknowingly download the malware by clicking the link, the genie is out of the bottle. The malware works its magic and collects browser autofill information such as usernames, passwords, credit card numbers, date of birth, address, etc., plus history and cookies.
It is believed that compromised ChatGPT users downloaded the Raccoon Infostealer by clicking a link they received in a phishing email.
The Raccoon Infostealer malware not only collected browser autofill information but also siphoned cryptocurrency wallet information. According to one estimate, more than $3 billion (yes, that is a billion with a B) was stolen in cryptocurrency alone.
Out of 101,000 stolen credentials, more than 35% were stolen from the Asia-Pacific region, with India ranked at the top with about 13%, almost 12,500 stolen credentials. Nearly 3,000 ChatGPT account credentials were stolen from the USA.
The hackers are selling the stolen information on the dark web. (For those of you unfamiliar with cybersecurity jargon, the dark web is a part of the web that is accessible with special software/tools and whose users' activities are not traceable. As a result, hackers and other cybercriminals sell stolen information on the dark web.)
In simple terms, all the usernames, passwords, credit card numbers, and other information that users save in the browser for autofill, plus the browser history and cookies, are up for grabs on the dark web.
Once cybercriminals purchase this information, they can use it to buy other goods and services, open a different credit card account in a compromised user's name, and spend like there is no tomorrow, or even get a loan in your name! The extent of the damage depends upon the information they extract. But the stakes are very high!
Since more and more people are using ChatGPT for work and business purposes, incidents of stolen ChatGPT credentials are more complex. The hackers might have their hands on the company's confidential information or employees' personal information if ChatGPT was used for these purposes.
What should I do to protect my data and information? I hear you asking.
If you believe your ChatGPT credentials were stolen, you must:
To prevent being a victim of such attacks in the future, you can be proactive and take the following measures:
Information source: The Hacker News and Group IB report