Over 12,000 Indian ChatGPT accounts have been hacked, more than any other country in the world, according to the cybersecurity firm, Group-IB. In a startling revelation, the Singapore-based firm found that more than one lakh ChatGPT credentials from across the world, have emerged on dark web marketplace since its worldwide launch, which means that these accounts were hacked.
India and Pakistan topped the country-wide numbers of reported breaches, at 12,632 and 9,217 hacked accounts each.
Millions of users worldwide signed on to test super intelligent capabilities of the generative AI chatbot, now, it appears that a portion of these users have had their credentials leaked into the dark web.
The report by Group-IB’s threat intelligence unit said that the Asia Pacific saw the largest number of ChatGPT accounts stolen by information stealers, 40.5 per cent between June 2022 and May 2023. While the Middle East and Africa and Europe stood at second and third spots with 24,925 and 16,951 instances respectively.
Also read: OpenAI admits data breach at ChatGPT, private data of premium users exposed
How malware works
Group-IB’s threat intelligence platform found the compromised credentials in the logs of info stealing malware that was traded on dark-web marketplaces over the last year. The number of stolen logs peaked in May 2023, reaching 26,802 accounts. The company’s finding indicates that the majority of the ChatGPT credentials up on sale in the dark web, belonged to the Asia Pacific region.
Information stealers are a malware category that targets account data stored on applications such as email clients, web browsers, instant messengers, gaming services, cryptocurrency wallets, and others. The data and credentials stolen by the malware, are then packaged into archives, called logs, and sent back to the attackers’ servers for retrieval.
Also read: Samsung bans staff’s AI use after spotting ChatGPT data leak
Growing concern
The worry of the ChatGPT breach is that because ChatGPT allows users to store conversations, accessing one’s account might mean gaining insights into proprietary information, internal business strategies, personal communications, software code, and more.
Experts have still not been able to ascertain why India had the largest number of these attacks, however India has been moving up the ranks for cybersecurity breaches. A recent report by the VPN firm, Surfshark found that India now stands at the sixth position when it comes to cybersecurity breaches.
SHARE
Published on June 22, 2023
