ChatGPT security: Asia-Pacific tops list in account breaches, Group-IB reveals
In a comprehensive study conducted by the international cybersecurity corporation Group-IB, over 100,000 infiltrated ChatGPT accounts have been detected in concealed Internet marketplaces. In the last year, the majority of these ChatGPT credentials were discovered within the Asia-Pacific region, threatening ChatGPT security.
Through the close survey of stealer-riddled devices, Group-IB identified upwards of 101,134 technological instruments storing saved ChatGPT credentials. These details of ChatGPT security breaches were traced within the logs of information-stealing malware sold within illicit, obscured cybersecurity marketplaces throughout the previous year.
ChatGPT account logs in the region reached an unprecedented high point with 26,802 compromisations noted in May.
Between June 2022 and May 2023, Group-IB’s extensive research unveiled an alarming prominence of ChatGPT accounts in Asia-Pacific stolen by information stealers – accounting for an overall 40.5%.
Thailand, marred with an estimated 548 violated ChatGPT accounts, was ranked 13th in terms of the region’s breaches. Countries transporting the heaviest digital footprint were India with a significant 12,632 breaches, closely followed by Pakistan with 9,217, Vietnam with 4,771, Indonesia with 2,555 and Bangladesh with 2,463 violations respectively.
Global findings have underscored India as the most vulnerable with 12,632 violations, followed by Pakistan at 9,217, Brazil with 6,531, Vietnam with 4,771 and Egypt registering a total of 4,588 violated ChatGPT credentials, Group-IB reported.
ChatGPT, under its default setting, meticulously logs the chronicles of user interactions and AI responses. This could inadvertently allow unauthorised intrusion into ChatGPT accounts, exposing classified or confidential information which could potentially be manipulated for targeted assaults on businesses and their employers, reported Bangkok Post.
In light of these findings, Group-IB’s head of threat intelligence, Dmitry Shestakov, said…
“ChatGPT’s integration into the operational activities of many enterprises resulted in the entry of classified correspondences or the bot’s use for proprietary code optimisation. Given that ChatGPT, in its standard form, maintains all conversations, sensitive intelligence could be inadvertently seized by threat actors in the event of account credentials being uncovered.”
According to Group-IB’s darknet survey, it emerged that Racoon info stealer took the lead in breaching the majority of logs containing ChatGPT accounts.
Given the scale of these violations, Group-IB advises users to frequently revise their passwords and utilise two-factor authentication while accessing their accounts as a key strategy for countering risks associated with compromised accounts and enhancing ChatGPT security.
