Hackers Leak Over 100,000 ChatGPT Credentials on the Dark Web

The theft of the ChatGPT login credentials was orchestrated using the Raccoon Infostealer malware, said cybersecurity firm Group-IB.

By Jason Nelson


Over 100,000 login credentials for OpenAI’s ChatGPT artificial intelligence chatbot were leaked onto the dark web, according to a report this week from Group-IB, a cybersecurity firm based in Singapore.

Group-IB wrote that the credential theft began in June 2022 but peaked at 26,802 stolen logins in May 2023. The theft, the report said, was orchestrated with the Raccoon Infostealer malware, which victims download after receiving a phishing email.

Once a device is infected, the malware collects login credentials, history, and cookies saved in web browsers. Group-IB said this can also include crypto wallet information. According to blockchain analytics firm Chainalysis, over $3 billion in cryptocurrency was stolen in 2022 alone.

Phishing, one of the most common forms of cyberattack, involves sending fraudulent communications by email, text message, or social media that appear to come from a reputable source.

"This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible," Group-IB wrote in a press release co-authored with ChatGPT. "Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness."

In its report, Group-IB wrote that the majority of stolen ChatGPT credentials, about 41,000 of them, were from the Asia-Pacific region. Group-IB recommends users update their passwords and use two-factor authentication on their accounts.

Earlier this month, OpenAI pledged $1 million towards AI cybersecurity initiatives. An OpenAI representative sent the following statement in response to the release of the Group-IB report:

“The findings from Group-IB’s Threat Intelligence report are the result of commodity malware on people’s devices and not an OpenAI breach,” the statement reads. “We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”

In October 2022, the U.S. Attorney's Office for the Western District of Texas unsealed Department of Justice indictment charges against Mark Sokolovsky for his alleged role in Raccoon Infostealer, which the agency called an international cybercrime operation.

The software was offered as "malware-as-a-service" (MaaS), allowing users to lease access to the illicit tools for a monthly fee.

According to DOJ documents, Sokolovsky is charged with one count of conspiracy to commit computer fraud; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft.

On September 13, 2022, the Amsterdam District Court granted Sokolovsky's extradition to the United States to stand trial. If convicted, Sokolovsky faces 20 years in federal prison.

Group-IB and the U.S. Department of Justice have not yet responded to Decrypt's request for comment.

Editor's note: This article was updated after publication with a statement from OpenAI.
