Researchers warn of malware viruses that steal ChatGPT account credentials. This can give them indirect access to sensitive company information.

Asian cybersecurity company Group-IB has discovered a ChatGPT credential trafficking on the dark web. According to the press release, more than a hundred thousand accounts have been disclosed, including around 17,000 European ones. Trading is also still in full swing: May was a top month with 26,800 login data added.

Data is collected using information stealers, a type of malware that looks for usernames, passwords, and/or credit card information on an infected device. The devices’ logs are then resold on the dark web, where the buyer can filter out the data they need. The most active information stealer, according to Group-IB Racoon, that’s 78,348 thefts.

trade secrets

What use are your ChatGPT credentials to a hacker? Aside from the fact that hackers sometimes try to get their hands on passwords at random, a ChatGPT account can be particularly valuable. Today, many people use ChatGPT for work, from (re)writing code to helping compose emails for clients.

In other words, ChatGPT often knows a lot about a user’s employer. A hacker can therefore misuse an employee’s ChatGPT account to indirectly obtain company-sensitive data. For this reason, and because your input can be reproduced with other users, companies are looking for ways to control the use of the chatbot within the organization. Building adequate security into accounts is a good start.