JAKARTA - ChatGPT is still a hot topic of conversation, so far it has penetrated 100 billion users and 1.8 billion visitors per month. However, a new report states that there is leaked user data.
Singapore-based cybersecurity company Group-IB managed to uncover this incident, and found more than 20,000 ChatGPT account credentials sold freely on the dark web.
The account credentials include users who enter the ChatGPT ranging from its launch (in June 2022) to 74 to 26,902 in May 2023.
Users who are victims are mostly in the Asia-Pacific region, which means users in Indonesia are also affected.
"The Asia-Pacific region has experienced the highest concentration of ChatGPT credentials offered for sale over the past year," Group-IB said on its official website, quoted Wednesday, June 21.
Group-IB experts stated that many employees use Artificial Intelligence (AI)-based chatbots to optimize their work, be it software development or business communication.
"Defaultly, ChatGPT stores a history of user queries and AI responses. As a result, unauthorized access to ChatGPT accounts can reveal confidential or sensitive information, which can be used for targeted attacks against companies and their employees," said Group-IB.
According to the latest Group-IB findings, the ChatGPT account has gained significant popularity in the underground community.
Group-IB analysis of the underground market revealed that most of the logs containing the ChatGPT account had been violated by the famous Raccoon information thief.
The growing popularity of chatbots, as evidenced by the consistent increase in the compromised ChatGPT account observed by the Group-IB Threat Intelligence team over the past year.
Information theft is a type of malware that collects credentials and is stored in browsers, bank card details, crypto wallet information, cookies, search history, and other information from browsers installed on infected computers, then sends all of this data to malware operators.
In addition, thieves can also collect data from messaging and email applications, along with detailed information about victims' devices. Thieves work non-selectively.
This type of malware infects as many computers as possible via phishing or other means of collecting as much data as possible and then selling it on the dark web.
To reduce the risk associated with the compromised ChatGPT account, Group-IB advises users to update their password regularly and implement two-factor authentication.
"By activating 2FA, users are required to provide additional verification codes, usually sent to their mobile devices, before accessing their ChatGPT account," explains Group-IB.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)