An investigation has discovered that the credentials of more than 100,000 ChatGPT accounts are available on the Dark Web thanks to the use of so-called infostealers with which cybercriminals have been able to infect computers and gain access information.
During the period from June 2022 to May 2023 , the presence of more than 101,100 ChatGPT account credentials was detected in underground dark web markets.
Today, the platform owned by OpenAI, ChatGPT, is the Artificial Intelligence (AI) app par excellence since it was launched just a few months ago. Its popularity is so great that in a very short time it has achieved almost record numbers of registered users, something that has not gone unnoticed by cybercriminals.
Group-IB , a Singapore-based cybersecurity company, identified this alarming finding and shared it with The Hacker News . The Asia-Pacific region has experienced the highest concentration of these stolen credentials.
Analysis by Group-IB reveals that the cybercriminal groups responsible for this breach include Raccoon, Vidar, and RedLine .These groups have found popularity due to their ability to obtain sensitive information, such as passwords, cookies, and credit card data , through browser and cryptocurrency wallet extensions.
Compromised records are actively traded on dark web marketplaces , posing a significant security risk to users.
Are Social Logins Safe?
Many new websites regularly ask for social login. The option for registering with email is not easily accessible to new users. Some of these websites do not even give option to register with email. Even if you manage to register with a newly created email specifically for that website, they will keep poking you to enter your Phone Number for OTP Verification. This all seems OK, as long as security is not breached. Once the security is breached, your entire personal data gets accessible to any hacker.
Watch Video: Pros and Cons of Social Logins
How to Safeguard Yourself from any such Security Breaches?
Social logins, such as using your social media accounts to log into other websites or apps, can be considered relatively safe. However, it is important to exercise caution and be aware of potential risks.
The main advantage of social logins is convenience. Instead of creating and remembering separate usernames and passwords for each website or app, you can simply use your existing social media credentials to log in. This saves time and effort.
From a security standpoint, social logins can be safe because they utilize the security measures implemented by the social media platforms themselves. These platforms invest heavily in security to protect user data, including encryption, authentication protocols, and monitoring systems. However, there is always a room for hacker to intrude into these systems and to take out details of users who have registered there.
You can create a new separate Social Login which is different from email/phone number you regularly use for business or personal use.
Additionally, using social logins means that if your social media account is compromised, there is a potential risk to the connected accounts as well. It is crucial to maintain strong passwords, enable two-factor authentication, and regularly monitor your social media accounts for any suspicious activity.
In summary, while social logins can offer convenience, it is important to be mindful of the websites or apps you connect with and take appropriate security measures to protect your accounts.
How to SafeGuard from any such Security Breaches in Future?
- Avoid Using Social Login unnecessarily. If possible, register with your newly created email and do not use phone number which is linked with your bank for verification. You can use separate phone number but always avoid social login.
- Do not share 100% personal information when registering on any new website.
- Create a new Google Account, or Facebook account for registering on New websites.
- If you suspect that your social account is hacked, immediately change your Bank’s registered email (if it is linked to your bank account)
- Hackers Can Attack Social Logins to Impersonate Users, IBM Study Shows
- Security Concerns of Social Login Usage at the 3rd Party Cloud Services
- Mitigating the Risks of Social Login by Harward Business
- Q&A: Is It safe to sign in with Google or Facebook? by NorTon
- Security and Privacy Risks when using Social Logins