According to the security researchers, infostealers illicitly collect just about anything, be it information about a target machine, cookies and browser history, documents and so on. Hackers frequently make money off this kind of bounty by reselling it on the Dark Web as well as using it themselves. For instance, logs containing victims' user names and passwords for some popular applications are frequently passed on to online markets.
According to a blog post by cybersecurity firm Group-IB published on June 20, over 101,000 devices had compromised logins for OpenAI's flagship bot that were later traded on the Dark Web.
The aforementioned figure is apparently “the number of logs from stealer-infected devices that Group-IB analyzed,” according to Dmitry Shestakov, Group-IB threat intelligence head.
“Every log contained at least one combination of login credential and password for ChatGPT,” he added.
A peak was apparently seen in May last year, when nearly 27,000 ChatGPT-related logs were made available on the illegal marketplaces.
Fewer than 5,000 infected devices out of the whole sample could be traced back to North America. Among devices of Asian origin, the two countries with the highest share were India (12,632) and Pakistan (9,217). Brazil (6,531), Vietnam (4,771), and Egypt (4,558) were other nations where a large number of ChatGPT credentials were disclosed.
However, compromised ChatGPT logins may well be the tip of the iceberg, since cases of Web stealers are constantly surging.
The researchers monitored 2,766 Dark Web stealer logs including compromised accounts in December of last year, the first month ChatGPT was made available to the general public. The following month, the figure went over 11,000, and two months later it doubled. The figure increased to 26,802 by May.
The trendline clearly points in one direction.
According to Mike Parkin, senior technical engineer at Vulcan Cyber, "Infostealers can be an issue, at least in part, because they're not as outwardly destructive as, say, ransomware, which is hard to miss. A well obfuscated infostealer can be much harder to detect, precisely because it doesn't make itself known." As a result, firms are more likely to overlook infostealers than some other types of malware, and are likely to discover that their sensitive data has been stolen only after it is too late.