In a recent report by Group-IB, a prominent cybersecurity leader based in Singapore, an unsettling discovery has been made regarding the security of ChatGPT accounts.

Over the past months, their Threat Intelligence platform has identified a staggering 101,134 devices infected with info-stealing malware that contained compromised ChatGPT credentials.

These compromised credentials were found within the logs traded on illicit dark web marketplaces, and the numbers reached an alarming peak of 26,802 logs in May 2023.

This revelation highlights the critical need to understand the implications of such compromised accounts and implement robust mitigation strategies to protect sensitive information and maintain cybersecurity. In this article, we delve into the significance of these findings and explore effective measures to safeguard ChatGPT accounts from unauthorized access and potential cyber threats.

Overview of ChatGPT and its Usage

Before diving into the significance of compromised ChatGPT accounts, let's briefly understand what ChatGPT is and how it is being used by individuals and organizations.

  • ChatGPT is an AI-powered chatbot developed by OpenAI that leverages state-of-the-art natural language processing techniques to generate human-like responses to user queries.
  • It is widely used in various domains, including software development, business communications, and customer support, to optimize workflows and improve productivity.

Optimization of Workflows

One of the primary reasons for the increasing adoption of ChatGPT in enterprises is its ability to optimize workflows. Employees have recognized the value of using the Chatbot to streamline various tasks, including software development and business communications.

  • ChatGPT assists in automating repetitive tasks, allowing employees to focus on more complex and strategic activities.
  • The chatbot's natural language processing capabilities enable users to interact with it in a conversational manner, making it a convenient tool for optimizing workflows.

Software Development Benefits

ChatGPT offers specific benefits to software development teams, making it a sought-after tool in this domain.

  • Code optimization: Developers can use ChatGPT to optimize their proprietary code, improving efficiency and performance.
  • Troubleshooting assistance: The chatbot can provide guidance and suggestions during the software debugging process, helping developers identify and resolve issues more efficiently.

Enhanced Business Communications

Effective communication is essential in any organization, and ChatGPT has proven to be a valuable tool in facilitating such communications.

  • Instant responses: ChatGPT provides quick and accurate responses to queries, enhancing real-time communication between team members.
  • Language support: The chatbot's language capabilities make it a useful tool for cross-cultural and multilingual communications.

Identification of Compromised ChatGPT Accounts

Group-IB's Threat Intelligence platform played a crucial role in identifying compromised ChatGPT accounts on the dark web.

  • The platform analyzes logs of info-stealing malware traded on illicit dark web marketplaces to identify compromised ChatGPT credentials.
  • Through continuous monitoring of underground communities, Group-IB's experts promptly identify compromised accounts

By having visibility into dark web communities, organizations can identify if their sensitive data or customer information is being leaked or sold.

  • This real-time information allows organizations to take proactive action, notify affected individuals, and strengthen their security posture to prevent further damage.

Role of Info Stealers in Compromising ChatGPT Accounts

The majority of logs containing compromised ChatGPT accounts are breached by a notorious info stealer known as Raccoon.

  • Info stealers, like Raccoon, specifically target ChatGPT accounts to obtain valuable credentials that can be traded on dark web marketplaces.
  • These compromised ChatGPT accounts, along with other personal data, are actively traded and sold, posing significant risks to individuals and organizations.

What are Info Stealers?

Info stealers are a specific type of malware designed to collect sensitive information from infected computers. They are typically distributed through phishing emails, malicious downloads, or other means.

Infection and Payload

Once an info stealer gains access to a device, it executes its payload and initiates the collection of sensitive data. The payload may include:

  • Core functionalities: The core functionalities of info stealers enable them to collect data from browsers, messengers, emails, and other sources.
  • Persistence mechanisms: Info stealers often employ persistence mechanisms to ensure their presence on the infected device, enabling long-term data collection.

Collecting Data from Browsers

Info stealers target web browsers to collect various types of data. They focus on extracting information such as:

  • Saved credentials: Info stealers retrieve usernames, passwords, and other login details stored in browser settings.
  • Browsing history: They gather a record of websites visited, including URLs, timestamps, and page titles.
  • Cookies: Info stealers harvest browser cookies, which may contain session tokens or personalization data.

Compromising Instant Messengers and Emails

Info stealers also target instant messengers and email clients to intercept and collect sensitive data. They can:

  • Extract chat conversations: Info stealers capture conversations and messages exchanged through popular messaging applications.
  • Intercept email contents: They can access and retrieve email content, including subject lines, message bodies, and attachments.

Spread and Infection Methods

Info stealers aim to infect as many devices as possible to collect a large volume of data. They use various methods to spread and infect devices, including:

  • Phishing campaigns: Cybercriminals use deceptive emails or websites to trick users into downloading and executing the malware.
  • Exploiting software vulnerabilities: Info stealers can take advantage of security flaws in software to gain unauthorized access to devices.
  • Malicious downloads: They may be bundled with seemingly legitimate software or disguised as updates or plugins.

Role of Social Engineering

Social engineering plays a crucial role in various cyberattacks, including those targeting ChatGPT accounts. It refers to the manipulation of human psychology and behaviour to deceive individuals into divulging confidential information or performing actions that compromise security.

By exploiting human trust, curiosity, and vulnerabilities, cybercriminals can gain unauthorized access to sensitive data and systems. In the context of compromised ChatGPT accounts, social engineering techniques are often employed to trick users into revealing their credentials or performing actions that compromise the security of their accounts.

Here are some common social engineering techniques used in attacks on ChatGPT accounts:

  • Phishing: Phishing is one of the most prevalent social engineering techniques. Attackers send deceptive emails, and messages, or create fake websites that mimic legitimate platforms, such as the ChatGPT login page. The aim is to trick users into entering their account credentials, which are then captured by the attackers. Phishing attacks can be highly convincing and often exploit urgency or fear to manipulate users into taking immediate action.
  • Pretexting: Pretexting involves creating a false scenario or pretext to deceive individuals and gain their trust. Attackers may impersonate a trusted entity, such as a ChatGPT support representative or a colleague, and engage in conversations that convince users to share sensitive information or perform certain actions. By establishing a false sense of credibility, attackers manipulate victims into providing access to their ChatGPT accounts.
  • Baiting: Baiting attacks entice users with offers or incentives to manipulate their behaviour. Attackers may promise exclusive access to new ChatGPT features, discounts, or rewards in exchange for the user's login credentials or other sensitive information. These offers are designed to exploit human curiosity and the desire for immediate gratification, leading users to fall into the trap and compromise their accounts.
  • Tailgating: Tailgating involves unauthorized individuals physically following or accompanying authorized personnel into restricted areas. In the context of ChatGPT, this can occur in shared workspaces or during team collaborations. By gaining physical proximity and trust, attackers may attempt to observe or manipulate user interactions, collect sensitive information, or gain access to devices where ChatGPT accounts are logged in.

Implications of Compromised Information

The compromised information collected by info stealers can have severe implications. It can be exploited in various ways, including:

  • Unauthorized access: Cybercriminals can gain unauthorized access to user accounts, leading to identity theft or further malicious activities.
  • Financial fraud: Stolen banking information or credit card details can be used for fraudulent transactions.
  • Targeted attacks: The harvested data can be leveraged to launch targeted attacks, such as phishing campaigns or social engineering.
  • Privacy breaches: Personal and sensitive information exposed through compromised instant messengers or emails can lead to privacy violations.

Trading of Compromised Information on Dark Web Marketplaces

Logs containing compromised information, including ChatGPT accounts, are actively traded on dark web marketplaces.

  • These logs often include additional information, such as lists of domains found in the log and IP addresses of compromised hosts.
  • Cybercriminals leverage these marketplaces to profit from the stolen information, creating a thriving ecosystem for compromised data.

Underground Communities and ChatGPT

Underground communities refer to online forums, marketplaces, and closed communities where cybercriminals exchange information and trade stolen data.

  • These communities provide a platform for cybercriminals to share techniques, tools, and compromised information.
  • The growing popularity of ChatGPT has attracted the attention of individuals within these underground communities.

Demand for Compromised ChatGPT Accounts

The demand for compromised ChatGPT accounts in underground communities has been steadily increasing.

  • Cybercriminals seek access to ChatGPT accounts to exploit the stored conversation history and potentially gain unauthorized access to sensitive information.
  • The popularity of compromised ChatGPT accounts in these communities indicates the value placed on the information stored within them.

Asia-Pacific Region and the Concentration of ChatGPT Account Breaches

Group-IB's analysis has shown that the Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale on the dark web.

  • Between December 2022 and May 2023, 40.5% of ChatGPT accounts stolen by info stealers were from the Asia-Pacific region.
  • This indicates the prevalence of account breaches and the need for heightened cybersecurity measures in this region.
CountryNumber of compromised ChatGPT credentials
United States2,995

Personal Account Security Best Practices

Regular Password Updates

Regularly updating your password is a fundamental security practice. Here's why it's important:

  • Reduced Risk of Unauthorized Access: Regularly changing your password helps minimize the risk of unauthorized access to your ChatGPT account. It ensures that even if your previous password is compromised, the impact is limited.
  • Mitigation of Credential Stuffing Attacks: Credential stuffing is a technique where cybercriminals use lists of known usernames and passwords obtained from previous data breaches to gain unauthorized access to accounts. By regularly updating your password, you reduce the effectiveness of such attacks.

Password Strength

Creating a strong password is another vital aspect of securing your ChatGPT account. Consider the following tips for password strength:

  • Length: Aim for a password length of at least 12 characters. Longer passwords are generally more secure.
  • Complexity: Use a combination of uppercase and lowercase letters, numbers, and special characters in your password. Avoid common patterns or easily guessable information like birthdays or dictionary words.

Two-Factor Authentication (2FA) for Enhanced Security

Two-factor authentication (2FA) adds an extra step to the login process, requiring users to provide an additional verification code or factor. Here's why it's beneficial:

  • Enhanced Account Security: By implementing 2FA, even if someone obtains your password, they would still need the additional verification code to access your ChatGPT account.
  • Protection Against Credential Theft: 2FA significantly reduces the risk of unauthorized access, even if your password is compromised in a data breach or through other means.

Enabling Two-Factor Authentication in ChatGPT Accounts

Enabling 2FA in your ChatGPT account is a straightforward process. Here are the step-by-step instructions:

  1. Log in to your ChatGPT account using your current credentials.
  2. Navigate to the account settings or security settings section.
  3. Locate the option to enable two-factor authentication (2FA).
  4. Choose the preferred method for receiving the verification code. Common options include SMS, email, or authenticator apps.
  5. Follow the instructions provided to set up 2FA and link it to your account.
  6. Once enabled, you will be prompted to provide the verification code whenever you log in to your ChatGPT account.

Other Best Practices to Consider

Consider the following best practices for securing your personal ChatGPT account:

  • Regular Updates: Ensure your ChatGPT application is up to date with the latest security patches and updates. This reduces the risk of vulnerabilities being exploited.
  • Secure Device Usage: Use trusted devices and networks when accessing your ChatGPT account. Avoid logging in from public or unsecured networks that could potentially expose your credentials.
  • Beware of Phishing Attempts: Be cautious of phishing emails, messages, or links that may attempt to trick you into revealing your login credentials. Always verify the authenticity of any communication before providing any information.

Enterprise Account Security Best Practices

For enterprises integrating ChatGPT into their workflows, here are some additional best practices:

  • Role-Based Access Control: Implement role-based access control (RBAC) to ensure that employees have appropriate access privileges based on their roles and responsibilities.
  • Employee Awareness and Training: Conduct regular cybersecurity awareness and training programs to educate employees about the risks, best practices, and the importance of maintaining a secure computing environment.
  • Monitoring and Incident Response: Implement a robust monitoring system to detect any unauthorized access or suspicious activity. Have an incident response plan in place to respond quickly and effectively to potential security incidents.


The popularity of ChatGPT brings numerous advantages in optimizing work and communication for individuals and enterprises. However, it also exposes potential risks, as compromised ChatGPT accounts can lead to the exposure of confidential or sensitive information, making organizations vulnerable to targeted attacks.

To safeguard ChatGPT accounts and protect sensitive data, it is crucial for users to adopt proactive cybersecurity practices. Regularly updating passwords, implementing strong password policies, and enabling two-factor authentication are fundamental steps to mitigate the risks associated with compromised accounts.

Moreover, organizations should leverage Threat Intelligence solutions, like Group-IB's, to monitor cybercriminal activities, identify compromised credentials, and proactively address cyber risks. By staying informed about the threat landscape and taking necessary preventive measures, companies can enhance their overall cybersecurity posture and safeguard their valuable assets.

As the popularity of AI-powered chatbots continues to grow, it is imperative for individuals and organizations to remain vigilant, educate themselves about potential threats, and adopt robust security measures to ensure the privacy and integrity of their ChatGPT accounts. By doing so, they can confidently leverage the benefits of this innovative technology while mitigating the risks of compromised accounts and potential data breaches.

Share this post