According to a reliable source, over 101,000 user accounts of ChatGPT have been compromised by malware attacks in the past year.
Identification of Cyberattacks According to Bleeping Computer
Renowned cybersecurity firm Group-IB has conducted a comprehensive investigation and successfully detected these cyberattacks on multiple covert websites where compromised ChatGPT accounts were discovered. The highest concentration of these attacks occurred in May 2023, with threat actors exposing approximately 26,800 new ChatGPT credentials.
Upon analyzing the particularly targeted regions, it was found that the Asia-Pacific region experienced the highest impact, with nearly 41,000 compromised ChatGPT accounts between June 2022 and May 2023. Europe followed closely behind with approximately 17,000 compromised accounts, while North America ranked fifth with around 4,700 accounts falling victim to the cyberattacks.
Insights from Cybersecurity Expert
Benoit Grunewald, a cybersecurity expert from ESET France, has raised concerns about the lack of awareness among ChatGPT users regarding the substantial amount of sensitive information stored within their accounts. He highlights the fact that cybercriminals actively target this data.
Grunewald emphasizes that ChatGPT, by default, retains all input requests, which individuals with account privileges can access. This poses a significant risk regarding unauthorized access and potential misuse of the stored information.
Grunewald also said that hackers are getting increasingly involved in stealing information from ChatGPT and even using it as a service in their malware operations.
The primary objective of these information thieves is to target valuable digital assets stored within compromised systems. They specifically focus on critical information, including records of cryptocurrency wallets, login credentials, and saved browser logins. These assets hold significant value, making them attractive targets for cybercriminals.
Enhancing Security Measures
Grunewald emphasized the vulnerability of the ChatGPT service, particularly for regular users who have free access, due to the absence of two-factor authentication/multi-factor authentication (2FA/MFA). He pointed out that this security feature is unavailable to them, making their accounts more susceptible to unauthorized access.
To mitigate the associated risks, he advised users to turn off the chat logging feature unless it is essential. Furthermore, he recommended utilizing trusted single sign-on options such as Google, Microsoft, or Apple, as these platforms incorporate 2FA, providing an added layer of security.
Grunewald cautioned that as chatbots like ChatGPT accumulate more data, they become increasingly attractive targets for threat actors. Users must be aware of these risks and take appropriate measures to protect their accounts and sensitive information.
Given the potential risks of compromised chatbots and cloud-based services, users must exercise caution when providing information. By being mindful of the potential security vulnerabilities and taking proactive steps to protect their data, users can minimize the chances of their valuable information ending up in the wrong hands.
Prioritizing security measures, such as using strong and unique passwords, enabling two-factor authentication whenever possible, and staying vigilant against phishing attempts, can go a long way in safeguarding personal information. Users can enhance their online safety and protect their sensitive data by making informed choices and being mindful of security best practices.