ESET Rapid Response to “Over 100,000 ChatGPT accounts were stolen via info-stealing malware”
Commentary by Jake Moore, Global Security Advisor at ESET
Bleeping Computer reports that, over the past year, more than 101,000 ChatGPT user accounts have been stolen by information-stealing malware, according to dark web marketplace data.
Jake Moore says, “People may not realize that their ChatGPT accounts may, in fact, hold a great amount of sensitive information that is sought after by cybercriminals. It stores all input requests by default and can be viewed by those with access to the account.”
Cyberintelligence firm Group-IB reports having identified over a hundred thousand info-stealer logs on various underground websites containing ChatGPT accounts, with the peak observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.
“Furthermore, info stealers are becoming more prominent in ChatGPT compromises and even used in malware-as-a-service attacks. Info stealers focus on stealing digital assets stored on a compromised system looking for essential information such as cryptocurrency wallet records, access credentials and passwords, and saved browser logins.”
Regarding the most targeted region, Asia-Pacific had almost 41,000 compromised accounts between June 2022 and May 2023, Europe had nearly 17,000, and North America ranked fifth with 4,700.
“The fact that a regular user with free access doesn’t have the option to enable 2FA/MFA makes the service increasingly vulnerable. Therefore, it might be a wise idea to disable the chat saving feature unless absolutely necessary and use one of the single sign-on options you trust the most (currently Google, Microsoft or Apple), which uses 2FA.”
Information stealers are a malware category that targets account data stored on applications such as email clients, web browsers, instant messengers, gaming services, cryptocurrency wallets, and others.
“The more data that chatbots are fed, the more they will be attractive to threat actors, so it is also advised to think carefully about what information you input into cloud-based chatbots and other services.”
About us:
Jake Moore is a highly respected figure in the field of cybersecurity, renowned for his expertise and valuable contributions to the industry. As the Global Cybersecurity Advisor for ESET, Europe's leading cybersecurity company, he plays a pivotal role in shaping the company's strategic initiatives and ensuring the highest level of online protection for individuals and organizations.
With a wealth of experience under his belt, Jake's career in cybersecurity began during his 14-year tenure in the police force. Serving as an integral member of the Digital Forensics Unit and Cyber Crime Team in Dorset, he investigated numerous computer crimes, diligently gathering digital evidence for a wide range of offenses, from fraud to murder. His time spent in Crown Court, providing expert testimony and analysis, solidified his reputation as a meticulous and knowledgeable cybersecurity professional.
In recognition of his exceptional skills, in 2016, Jake was selected by his police force to lead a pioneering Home Office initiative. This scheme aimed to bolster local communities' resilience against the escalating cyber threats by funding the implementation of cyber security advisors in various police forces across the country. Jake's role involved visiting companies throughout the county, proactively assisting them in safeguarding their digital infrastructure against online dangers.
Jake's vast repertoire of captivating stories showcases the intricate workings of the cybersecurity realm. From harrowing accounts of botched murder investigations to the risks associated with encryption breaches, his narratives shed light on the critical importance of maintaining robust online defenses. Furthermore, his expertise in social engineering and ethical network penetration testing has proven invaluable in enlightening businesses that were previously unaware of the threats they faced. He eagerly shares these captivating tales through public talks and webinars, providing valuable insights into the ever-evolving cybersecurity landscape.
A sought-after speaker, Jake captivates audiences at prestigious business events and conferences across the United Kingdom. His engaging presentations combine informative content with a highly entertaining delivery style, making complex concepts accessible to all. From large corporations like Vodafone, The Bank of England, and Facebook, to smaller enterprises seeking to bolster their digital security, Jake has delivered hundreds of talks, empowering businesses to better protect themselves in an increasingly interconnected world.
If you are keen on hearing one of Jake's compelling talks and gaining practical knowledge on enhancing your business's cybersecurity posture, do not hesitate to reach out.