Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets


More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.

These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.

“The number of infected devices decreased slightly in mid- and late summer but grew significantly between August and September,” the Singapore-headquartered cybersecurity company said in its Hi-Tech Crime Trends 2023/2024 report published last week.


Between June and October 2023, more than 130,000 unique hosts with access to OpenAI ChatGPT were infiltrated, a 36% increase over what was observed during the first five months of 2023. The breakdown by the top three stealer families is below:

  • LummaC2 – 70,484 hosts
  • Raccoon – 22,468 hosts
  • RedLine – 15,970 hosts

“The sharp increase in the number of ChatGPT credentials for sale is due to the overall rise in the number of hosts infected with information stealers, data from which is then put up for sale on markets or in UCLs,” Group-IB said.

The development comes as Microsoft and OpenAI revealed that nation-state actors from Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations.


Stating that LLMs can be used by adversaries to brainstorm new tradecraft, craft convincing scam and phishing attacks, and improve operational productivity, Group-IB said the technology could also speed up reconnaissance, execute hacking toolkits, and make scammer robocalls.

“In the past, [threat actors] were mainly interested in corporate computers and in systems with access that enabled movement across the network,” it noted. “Now, they also focus on devices with access to public AI systems.


“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code.”

Abuse of valid account credentials by threat actors has emerged as a top access technique, primarily fueled by the easy availability of such information via stealer malware.

“The combination of a rise in infostealers and the abuse of valid account credentials to gain initial access has exacerbated defenders’ identity and access management challenges,” IBM X-Force said.

“Enterprise credential data can be stolen from compromised devices through credential reuse, browser credential stores or accessing enterprise accounts directly from personal devices.”
