Over 100,000 compromised ChatGPT accounts found for sale on dark web

Cybercrooks hoping users have whispered employer secrets to chatbot

UPDATED Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year.

The amount of stolen accounts steadily climbed from 74 in June 2022 to 26,902 in May 2023. April 2023 was an outlier – a moderate decline was seen in the number of accounts, before peaking the very next month.

"Group-IB's experts highlight that more and more employees are taking advantage of the Chatbot to optimize their work, be it software development or business communications," said the company, adding that demand for account credentials was gaining "significant popularity."

ChatGPT stores user query history and AI responses by default. Access to the history could expose company or personal secrets.

"Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code," said Group-IB head of threat intelligence Dmitry Shestakov.

Both Apple and Samsung have banned company use of ChatGPT over security issues. In the case of the latter, employees accidentally leaked secrets.

The problem is particularly rife in the heavily populated Asia Pacific region, which accounted for over 40 percent of stolen ChatGPT accounts in the time period Group-IB tracked.

India suffered the most compromised accounts (12,632), a tidbit that resonates with previous findings that the subcontinent is a prime target for data theft, thanks to its size and heavy use of infotech.

Most logs (78,348) were breached using the Racoon info stealer, with Vidar accounting for 12,984 and Redline for 6,773.

Shestakov told The Register: "Racсoon is one of the most popular stealers on the market distributed under the MaaS model due to its simplicity. Released in June 2022, the new version of Raccoon was tailored better to the needs of operators and offered cybercriminals a higher level of customization and the ability to handle excessive loads."

Group-IB advises the usual procedures to mitigate thievery: update passwords regularly and implement two-factor authentication, and of course, maybe buy some of their products. ®

UPDATED AT 06:55 UTC, JUNE 23: OpenAI, the company behind ChatGPT, sent us a statement it kindly suggested we attribute to an unnamed spokesperson.

The statement reads: "The findings from Group-IB’s Threat Intelligence report is the result of commodity malware on people’s devices and not an OpenAI breach. We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”

More about


Send us news

Other stories you might like