
Reminder: Infostealer malware is coming for your ChatGPT credentials

Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 log files – harvested by infostealing malware – containing login details for the service last year.

Group-IB reported finding those logs in its annual High Tech Crime Trends report, published last week. The document alleges the logs were found for sale on the dark web between January and October 2023.

Keep in mind these are stealer logs containing credentials, not username/password pairings – meaning there may be far more than 225K credential sets available for misuse.

According to Group-IB, it found around 130,000 of the ChatGPT credential-containing logs in the five months from June to October 2023, a 36 percent increase over the number of logs found in the prior five-month period, between January and May of last year.

“With more employees relying on ChatGPT for work optimization and its storage of past interactions, compromised logins could expose sensitive information, posing significant security risks for businesses,” Group-IB warned in a blog post summarizing its report.

This isn’t the first time Group-IB has reported the theft of ChatGPT credentials. In June of last year the firm revealed it had spotted more than 100,000 stealer logs containing ChatGPT usernames and passwords on the dark web – but that was for an entire year, between June 2022 and May 2023. The number of logs containing ChatGPT credentials has been steadily increasing, with just 74 logs posted in June 2022, and 26,802 published in May 2023.

It’s worth noting that the data presented last June overlaps with the period of this latest report, which covers January to October 2023. Of the more than 100,000 previously reported logs containing ChatGPT credentials, 95,827 were discovered from January to May.

“The sharp increase in the number of ChatGPT credentials for sale is due to the overall rise in the number of hosts infected with information stealers, data from which is then put up for sale on markets or in [underground clouds of logs],” Group-IB explained in its report.

As we reported recently, ransomware actors are increasingly relying on infostealers to gain initial footholds into victim networks. We’ve also noted recently that cyber baddies have begun seeing a role for LLMs like ChatGPT in illicit online activity.

In other words, it’s probably a good idea to enable multifactor authentication and regularly change those ChatGPT passwords – especially if you’re using it for work. ChatGPT retains logs of questions put to it, its responses and user data – all valuable information in the wrong hands.

OpenAI didn’t respond to questions for this story. ®