ChatGPT user data leak: What happened and how does it affect privacy?
More than 100,000 ChatGPT chatbot users’ data has ended up on dark web marketplaces, according to a report from cybersecurity firm Group-IB. Data leaks were discovered between June 2022 and May of this year, and the largest upload occurred in May 2023.
According to experts, in May 2023, the number of available logs with compromised ChatGPT accounts reached a record 26,802 entries. Over the past year, the largest concentration of ChatGPT credentials offered for sale has been in Asia Pacific.
If we look at the data by country, then the most data breaches of ChatGPT users were registered in India (12,632 records), Pakistan (9,217 records) and Brazil (6,531 records). In addition, data from chatbot users got into the darknet from Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh.
Group-IB experts note that magazines with compromised user information are actively sold on darknet marketplaces. This data contains information about domains and IP addresses of compromised users.
The analysis also showed that the majority of records (78,348 records) were stolen using Raccon malware, available as Malware as a Service. In second place is Windows spyware and the Vidar information theft tool. With the help of them, data on 12,984 ChatGPT accounts were stolen. In third place (6,773 records stolen) was the RedLine Trojan, which steals cookies, usernames and passwords, credit cards stored in web browsers, as well as FTP credentials and files from infected devices.
Strictly keeping in mind that this is not just about identity theft is critical. Both personal and professional content can be found on a ChatGPT account, from company trade secrets to personal diaries, which is unacceptable.
“For example, company employees can enter secret information into a chatbot search query or use the bot to optimize proprietary code. Considering that the standard ChatGPT configuration saves all requests, leaking this data can provide an attacker with access to valuable information,” the comment says. Group-IB company.
Incidents like these highlight the importance of taking steps to protect the privacy of user data, notes NIX Solutions. Companies that develop and implement chatbots must ensure that the information they store is secure and regularly update security measures to prevent leaks. Users, in turn, must be vigilant and use strong passwords, two-factor authentication, and update their accounts regularly to minimize the risk of compromise and data leakage.