Credentials of over 100,000 ChatGPT users have been stolen by malware, adding to the woes of the OpenAI chatbot regarding data security. This time around, it's not users' fault but OpenAI's security measures.
What Happened: Group-IB, a cyber intelligence firm, has revealed that over login credentials of over 100,000 ChatGPT users have been stolen by information-stealing malware between June 2022 and May 2023.
See Also: This Android Malware Is Back To Steal WhatsApp Backups: Here’s How To Stay Safe
Asia Pacific was the top target of this malware, accounting for 41% of the compromised accounts, followed by the Middle East at nearly 25% and Europe at nearly 17%. North America was low on the targeted regions, accounting for only 4.7% of the compromised accounts.
According to Group-IB, the top three information stealers were Raccoon, Vidar, and Redline, accounting for 97% of the compromised accounts. These malware steal credentials saved to web browsers and deploy encryption-breaking measures to decrypt the username and passwords.
Given that OpenAI does not require two-factor authentication on its website, these compromised credentials give rogue actors access to user data and their ChatGPT message history.
With enterprises integrating ChatGPT into their workflows and employees using it to optimize proprietary code, compromised credentials could give these hackers access to sensitive information.
Why It Important: ChatGPT emerged as the fastest-growing consumer application in history, crossing the 100 million monthly active users mark in just two months of launch.
In May, OpenAI acknowledged a data breach that allowed other users to access the chat history of other active ChatGPT users. On a deeper inspection, OpenAI found that sensitive information like names, addresses, last four digits of credit cards, and their expiry dates were also accessible.
While OpenAI has now added the ability to turn off chat history and also clear existing conversations, it still does not offer multi-factor authentication.
Check out more of Benzinga’s Consumer Tech coverage by following this link.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
