New research discovered over 101,000 stolen ChatGPT accounts for sale on dark web markets over the past year, with threat actors using various information-stealing malware to take user credentials.

Global cybersecurity company Group-IB reports finding 101,124 ChatGPT login credentials in info-stealing malware logs on dark web marketplaces, with compromised accounts reaching 26,802 in May 2023 alone.

Researchers note a significant increase in ChatGPT accounts targeted in underground forums. The Raccoon infostealer has compromised the majority of accounts (78,348), with logs containing credentials also coming from Vidar (12,984) and Redline (6,773).

The info-stealing malware has affected users worldwide, with 40,999 compromised accounts in Asia-Pacific, 24,925 in the Middle East and Africa, 16,951 in Europe, 12,314 in Latin America and 4,737 in North America.

Geographical distribution of infostealer malware for ChatGPT accounts via Group-IB

The AI chatbot has grown in popularity due to its many features to help users and businesses compose written content such as emails, articles, social media posts and code. Each ChatGPT account stores each conversation, including user input and AI responses, which threat actors can exploit if an account has been compromised.

Stolen user accounts risk having personal conversations, sensitive business information, or confidential software code leaked in targeted attacks if attackers obtain these ChatGPT credentials.

“Many enterprises are integrating ChatGPT into their operational flow,” says Dmitry Shestakov, Head of Threat Intelligence at Group-IB. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”

Compromised ChatGPT accounts via Group-IB

Due to the rise in stolen ChatGPT accounts, it is recommended to turn on two-factor authentication (passkeys are an upcoming form of protection, too) and update passwords to stop attackers from gaining access to compromised accounts. 

What is infostealer malware?

Information-stealing malware is a type of malware that gathers information on an infected device to send to a threat actor. It targets login credentials saved in browsers, browsing history, credit card and crypto wallet information, location data, device information, emails, social media platforms and instant messaging clients such as Discord or Telegram.

Stolen data is collected in logs and sent to the attacker. This information can be used to access user accounts or find out personal details about a user and is often put up for sale on dark web markets.

Infostealers can use keylogging to record what a user types on a device, web injection scripts that add fields on forms to sneakily send information to the attacker and cookies to steal saved passwords.

Like most malware, such as spyware or Trojans, infostealers are distributed through phishing emails, fake websites, dodgy ads on web pages and more. Because they can be hard to detect, it’s a good idea to set up the proper protection on your device.

Use antivirus software to protect your device

The best antivirus software can help detect and protect you from all types of malware, including infostealers.

Many AV products come with a suite of security features that can get rid of viruses, malware, ransomware, spyware or any malicious software that burrows into your device or web browser. Some antivirus software, such as Bitdefender, offers security subscriptions specifically for devices such as a PC, iPhone or Android, making it a more cost-effective option.

We recommend trusted AV software including Avast One, Norton 360 and Bitdefender, as they can efficiently detect and remove malware on your device. Check out our thoughts on each AV below.

Perform a safety check

1. On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.

2. Select Privacy and security in the right-hand toolbar.

3. Under Safety check, click Check now (or the arrow to perform it again).

If Chrome finds any issues, you’ll be able to tap on the option and follow the instructions to see how to handle it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.

1. In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).

2. Select Enhanced protection to turn it on.
