Warning! Over 100,000 ChatGPT accounts have been hacked and put up for sale on the Dark Web, enough to give access to sensitive data that can be used for malicious purposes. Check whether you are affected!
Thanks to its growing popularity, ChatGPT is a veritable goldmine for cybercriminals. Many of them use AI to flesh out their fake profiles on dating sites or on LinkedIn, to generate their phishing campaigns, or even to clone the mobile application and add a little extra malware. And that is without counting the platform's security flaws, such as the one in March, when all the conversations, personal data and payment information of users were mixed up and exposed for everyone to see. But hackers also target user accounts. The cybersecurity company Group-IB reveals in a report that between June 2022 and May 2023, more than 100,000 ChatGPT accounts were compromised and offered for sale on the Dark Web. The countries mainly affected are India, Pakistan, Brazil, Vietnam, Egypt, the United States, France (the only European country concerned), Morocco, Indonesia and Bangladesh. The majority of the credentials were stolen by malware such as Raccoon, Vidar and RedLine. So, are you affected?
ChatGPT hack: open access to sensitive data
The compromised accounts allowed hackers to collect a lot of personal data, even banking data for ChatGPT Plus subscribers, which can be used to carry out more targeted and larger-scale phishing campaigns. By digging into the conversation history, hackers can also access a veritable treasure trove of sensitive data, whether personal or professional. That is why big tech companies such as Google, Apple and Samsung prohibit their employees from using chatbots like ChatGPT, Bing AI and Bard (see our article). Moreover, since Internet users generally have the very bad habit of using the same password for several accounts, those other accounts can be hacked too.
The consequences of such a compromise are more serious than they might first appear. Hacked accounts can be used to carry out illegal activities, such as generating scams and phishing campaigns (ChatGPT is very good at this), but also to create malicious code easily and develop new attacks, without the authorities being able to trace their true author. Finally, since some accounts come with access to the GPT-4 API, the latest language model that powers ChatGPT, hackers can easily sell that access on the black market, because this API is accessible only through a waiting list and is reserved for a limited number of users.
ChatGPT hack: how to check that your account has not been compromised?
To verify that your ChatGPT account, or any other account for that matter, is not on the Dark Web, the easiest way is to use tools like Have I Been Pwned? (which could be translated as "has my password been hacked?") or the pCloud data breach checker. Simply enter your email address in the search bar to find out whether it was part of one or more data breaches, and on which platform (see our practical guide).
Whether you are affected or not, we recommend that you take the necessary steps to secure your account. Better safe than sorry! First of all, it is better to sign in with your Google or Microsoft account, which gives you a higher level of security (the tech giants are well used to dealing with cyber attacks) and allows you to activate the sacrosanct two-factor authentication (2FA). If possible, erase any ChatGPT chat history containing sensitive content, whether about you or the company you work for. Also install an antivirus on your devices to avoid having your credentials stolen by malware and, of course, be careful what you download!