Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.

Find out what happened and what you can do to protect

Last month, The Hacker News revealed that over 100,000 ChatGPT user credentials were stolen and available for sale on the dark web. This is a serious concern as more and more people use AI-powered chatbots such as ChatGPT for personal and business use. Credentials for such applications falling into hackers' hands can open many doors for cybercriminals and can lead to some serious crimes. This blog will briefly describe what happened, explain the risk, and recommend steps to mitigate the risk and prevent future compromise of your information.

ChatGPT Credentials were Stolen using Phishing Attacks

ChatGPT Credentials were stolen using a Phishing Attack — Image courtesy of Freepik

Singapore-based cybersecurity firm Group-IB reported that between June 2022 and May 2023, more than 101,000 ChatGPT account credentials were stolen by hackers.

More than 75% of these credentials were stolen using the Raccoon Infostealer malware. Raccoon Infostealer, also known as Racealer, is a Malware-as-a-Service (MaaS) offering sold on the dark web. (MaaS is a twin brother of RaaS. For exciting information on RaaS, check out Ransomware-as-a-Service.) Raccoon Infostealer is usually delivered through a link sent via email or other social engineering means. Once users unknowingly download the malware by clicking the link, the genie is out of the bottle. The malware works its magic and collects browser autofill information such as usernames, passwords, credit card numbers, dates of birth, and addresses, plus history and cookies.

It is believed that compromised ChatGPT users downloaded the Raccoon Infostealer by clicking a link they received in a phishing email.

The Raccoon Infostealer malware not only collected browser autofill information but also siphoned cryptocurrency wallet information. According to one estimate, more than $3 billion (yes, that is a billion with a B) was stolen in cryptocurrency alone.

Out of 101,000 stolen credentials, more than 35% were stolen from the Asia-Pacific region, with India ranked at the top with about 13%, almost 12,500 stolen credentials. Nearly 3,000 ChatGPT account credentials were stolen from the USA.

The hackers are selling the stolen information on the dark web. (For those of you unfamiliar with cybersecurity jargon, the dark web is a part of the web accessible with special software/tools, where users' activities are not traceable. As a result, hackers and other cybercriminals sell stolen information on the dark web.)

In simple terms, all the usernames, passwords, credit card numbers, and other information that users save in the browser for autofill, plus the browser history and cookies, are up for grabs on the dark web.

Once cybercriminals purchase this information, they can use it to buy other goods and services, open a different credit card account with a compromised user name, and spend like there is no tomorrow or even get a loan in your name! The extent of the damage depends upon the information they extract. But the stakes are very high!

Since more and more people are using ChatGPT for work and business purposes, incidents involving stolen ChatGPT credentials are more complex. The hackers might have their hands on the company’s confidential information or employees' personal information if ChatGPT was used for these purposes.

"What should I do to protect my data and information?" I hear you asking.

If you believe your ChatGPT credentials were stolen, you must:

  1. Reset your ChatGPT password. Since your ChatGPT password was stolen, this is the least you can do to protect your account.

  2. Clear browser history, clear the cache, and reset all passwords saved by the autofill feature. This is critical if your credentials were stolen using Raccoon Infostealer malware.

  3. Scan your system for virus/malware and disinfect it. This is to remove the downloaded malware.

To prevent being a victim of such attacks in the future, you can be proactive and take the following measures:

  1. Create a strong password — A strong password is eight or more characters long and combines uppercase letters, lowercase letters, numbers, and special characters. It is recommended that you use a passphrase instead of a password.

  2. Use Multi-Factor Authentication (MFA or 2FA). This feature sends an OTP (One-Time Passcode) to your phone or asks for approval on your phone.

  3. Never open or click any unknown link.

  4. Avoid using autofill to save a credit card number, banking information, and other personal information.

  5. Clear browser history and cache periodically.

  6. Lastly, although most of us don’t believe in paying for email services, using paid email services instead of free ones goes a long way—the paid email services strip trackers and spam emails.

Information source: The Hacker News and Group-IB report
