Over 100,000 login credentials for OpenAI’s ChatGPT artificial intelligence chatbot were leaked onto the dark web, according to a report this week from Group-IB, a cybersecurity firm based in Singapore.
Group-IB wrote that the credential theft began in June 2022 but peaked at 26,802 stolen logins in May 2023. The theft, the report said, was orchestrated with the Raccoon Infostealer malware, which is downloaded by victims after receiving a phishing email.
Once infected, the malware collects login credentials, history, and cookies saved in web browsers. Group-IB said this can also include crypto wallet information. According to blockchain analytics firm Chainalysis, over $3 billion in cryptocurrency was stolen in 2022 alone.
US Congress Presses Forward on AI Regulation With Proposed Commission
Congress is preparing to take a significant step towards regulating AI at the national level, following on the heels of a robust UK AI law introduced last week. A bipartisan bill was introduced yesterday by Reps. Ted Lieu (D-Calif.), Anna Eshoo (D-Calif.), and Ken Buck (R-Colo.), aiming to establish a federal commission on AI. The proposed legislation—Bill H.R.4223—requires Congress and the White House to assemble a 20-person "blue-ribbon commission." This group—comprising representatives from g...
One of the most common forms of cyberattacks, phishing attacks, come in the form of email, text messages, or messages on social media and include sending fraudulent communications like texts and messages on social media that appear to come from a reputable source.
"This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible," Group-IB wrote in a press release co-authored with ChatGPT. "Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness."
In its report, Group-IB wrote that the majority of stolen ChatGPT credentials, about 41,000 of them, were from the Asia-Pacific region. Group-IB recommends users update their passwords and use two-factor authentication on their accounts.
Earlier this month, OpenAI pledged $1 million towards AI cybersecurity initiatives. An OpenAI representative sent the following statement in response to the release of the Group-IB report:
“The findings from Group-IB’s Threat Intelligence report are the result of commodity malware on people’s devices and not an OpenAI breach," the statement reads. "We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”
In October 2022, the U.S. Attorney's Office for the Western District of Texas unsealed indictment charges from the Department of Justice against Mark Sokolovsky for his alleged role in Raccoon Infostealer, which the agency called an international cybercrime operation.
The software was offered as "malware-as-a-service" (MaaS), allowing users to lease access to the illicit tools for a monthly fee.
OpenAI Pledges $1M Towards AI-Driven Cybersecurity Initiatives
Gather up, white hat hackers from across the globe—OpenAI is calling you. Unveiling its latest endeavor, the creator of ChatGPT and Dall-e is launching a $1M Cybersecurity Grant Program to boost and quantify the effectiveness of AI-powered cybersecurity capabilities. It's no secret that OpenAI has been consistently vocal about the necessity of AI regulation to prevent potential malicious applications. The impact of AI tech in the hands of criminals—who have created everything from deepfakes to m...
According to DOJ documents, Sokolovsky is charged with one count of conspiracy to commit computer fraud; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft.
The Amsterdam District Court granted Sokolovsky's extradition to the United States to stand trial on September 13, 2022. If convicted, Sokolovsky faces 20 years in federal prison.
Group-IB and the U.S. Department of Justice have not yet responded to Decrypt's request for comment.
Editor's note: This article was updated after publication with a statement from OpenAI.