Interest in artificial intelligence tools on the dark web has spiked as cybercriminals look to get their hands on users’ sensitive data, experts have warned.
Figures from threat exposure management company Flare identified more than 200,000 OpenAI credentials for sale on the dark web, each with the potential of enabling a hacker to pry open company secrets and personal information.
To blame for the exposure of these credentials is info-stealing malware, the logs of which likely include even more information that was not intended to be viewed by others.
Your ChatGPT login could be for sale
While the number of at-risk credentials is insignificant in comparison to the number of users (an estimated 100 million for ChatGPT), the figure is up from the approximately 101,000 credentials that were identified tucked away inside the logs of info-stealing malware earlier in June.
At the same time, a malicious ChatGPT alternative that has been trained using data about malware has been gaining popularity. With a few simple prompts, screenshots show the AI chatbot generating convincing-looking attacks that threat actors could use to share with victims via emails, ads, or web pages.
In response to previous cases of dark web-hosted credentials, OpenAI told Tom’s Hardware:
“OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”
Rather than a flaw in OpenAI’s system, victims are having their credentials exposed via info-stealing malware that could be coming from a range of entry points, including fake ads and scam emails designed to plant malware on host devices.
Flare recommends that those who consider themselves to be at risk conduct regular dark web monitoring and to use the most up-to-date endpoint protection software, many of which in recent months have been given AI boosts to improve detection. Companies are also urged to practice good Internet hygiene and to refresh staff training periodically.
Via Bleeping Computer