Stolen ChatGPT credentials are a scorching commodity on the darkish internet, in accordance with Singapore-based risk intelligence agency Group-IB, which claims to have discovered some 225,000 stealer logs containing login particulars for the service final yr.

Group-IB reported discovering these logs in its annual Excessive Tech Crime Tends report revealed final week. The doc alleges it discovered the logs on the market on the darkish internet between January and October 2023.

Consider these are stealer logs containing credentials, not username/password pairings – which means there could also be excess of 225k credential units obtainable for misuse.

Based on Group-IB, it discovered round 130,000 of the ChatGPT credential-containing logs within the 5 months from June to October, 2023, representing a 36 % improve within the variety of logs discovered within the prior five-month interval between January and Might of final yr.

“With extra staff counting on ChatGPT for work optimization and its storage of previous interactions, compromised logins may expose delicate info, posing vital safety dangers for companies,” Group-IB warned in a weblog submit summarizing its report.

This is not the primary time Group-IB has reported the theft of ChatGPT credentials. In June of final yr the agency revealed it had noticed greater than 100,000 stealer logs containing ChatGPT usernames and passwords on the darkish internet – however that was for a complete yr, between June 2022 and Might 2023. The variety of logs containing ChatGPT credentials has been steadily rising, with simply 74 logs posted in June 2022, and 26,802 revealed in Might 2023.

It is price noting that the information offered final June overlaps with the interval of this newest report, which covers January to October 2023. Of the greater than 100,000 beforehand reported logs containing ChatGPT credentials, 95,827 have been found from January to Might.

“The sharp improve within the variety of ChatGPT credentials on the market is as a result of general rise within the variety of hosts contaminated with info stealers, information from which is then put up on the market on markets or in [underground clouds of logs],” Group-IB defined in its report.

As we reported lately, ransomware actors are more and more counting on infostealers to realize preliminary footholds into sufferer networks. We have additionally famous lately that cyber baddies have begun seeing a job for LLMs like ChatGPT in illicit on-line exercise.

In different phrases, it is in all probability a good suggestion to allow multifactor authentication and recurrently change these ChatGPT passwords – particularly in the event you’re utilizing it for work. ChatGPT retains logs of questions put to it, its responses and person information – all beneficial info within the fallacious palms.

OpenAI did not reply to questions for this story. ®