Over 225,000 ChatGPT Credentials Sold on the Darknet
According to research from Group-IB, more than 225,000 stealer logs containing stolen ChatGPT credentials were available on the darknet between January and October 2023. In their latest report on cybercrime trends for 2023-2024, experts note that these credentials are mainly found in logs from infostealers such as LummaC2, Raccoon, and RedLine.
βThe number of infected devices slightly decreased in the middle and end of summer, but saw a significant increase in August and September,β the company reports.
From June to October 2023, there were over 130,000 unique host breaches with access to OpenAI ChatGPT, which is 36% more than in the first five months of 2023. The experts provided the following statistics for the top three stealer families:
- LummaC2 β 70,484 hosts
- Raccoon β 22,468 hosts
- RedLine β 15,970 hosts
βThe sharp increase in the number of ChatGPT credentials for sale is linked to the overall rise in hosts infected by infostealers, as the data obtained from these infections is then put up for sale,β the specialists explain.
According to the researchers, large language models (LLMs) like ChatGPT can be used by cybercriminals to develop new attack methods, prepare convincing scam and phishing campaigns, and improve overall operational efficiency. Group-IB believes that AI can also help hackers speed up reconnaissance, create hacking toolkits, and carry out fraudulent robocalls.
βIn the past, attackers were mainly interested in corporate computers and systems with access that allowed them to move laterally within a network. Now, they are also targeting devices with access to AI systems. This enables them to study logs of conversations between company employees and AI, which can be used to search for confidential information (for espionage), details about a companyβs internal infrastructure, authentication data (for even more destructive attacks), and information about application source code,β Group-IB concludes.