More than 100,000 ChatGPT users could be vulnerable to scams and online attacks.The cybersecurity firm Group-IB, based in Singapore, has disclosed that hackers successfully breached 101,134 devices that had saved ChatGPT login information.
The compromised ChatGPT accounts expose important user data like email addresses, passwords, and phone numbers even though they do not directly reveal banking information. As a result, these people are more vulnerable to phishing scams.
Group-IB has identified instances throughout the past year where underground online marketplaces traded compromised credentials. Notably, India ranks highest in terms of the number of compromised ChatGPT accounts.
In a blog post, Group-IB’s research reveals that hackers employed “info-stealing malware” to pilfer users’ credentials. The post emphasizes that this type of malware gathers stored browser credentials, bank card details, cryptocurrency wallet information, cookies, browsing history, and other data from infected devices. Users may unwittingly download the malware by clicking on suspicious links or downloading software infected with malware.
The cyber attack has primarily impacted users in the Asia-Pacific region.According to the research, the breach has affected approximately 40.5 percent of users in this region, and investigators have traced back 12,632 compromised ChatGPT accounts to India.
Following closely is Pakistan, with 9,217 compromised ChatGPT accounts. The breach has also had a significant impact on ChatGPT users in Brazil, Vietnam, and Egypt on a global scale.
While ChatGPT credentials do not directly expose banking or card information, Group-IB highlights that hackers can gain access to saved conversations with the AI chatbot. The report points out that “ChatGPT stores the history of user queries and AI responses by default.” Consequently, unauthorized access to ChatGPT accounts could lead to the exposure of confidential or sensitive information, which could then be exploited for targeted attacks against companies and their employees.