The data of hundreds of thousands of OpenAI accounts are being offered for sale on the dark web.
This is according to research data from Flare. The security company analyzed dark web forums and marketplaces. Visitors to this part of the Internet appear to be able to obtain OpenAI login data relatively easily.
Flare speaks of more than 200,000 OpenAI credentials being offered for sale in this case. The user base for OpenAI applications is hefty, especially by ChatGPT. As recently as January, there were 100 million users; since then, even more people are said to have started using OpenAI applications. In addition to ChatGPT, OpenAI offers, for example, DALL-E for creating images.
Security firm Group-IB came across the login data of more than 100,000 ChatGPT on the dark web as recently as June. This makes the data of generative AI tools seem attractive for malicious practices.
In response to Group-IB’s findings, OpenAI stated that it is adopting industry best practices for authenticating and authorizing users. It also encourages users to use strong passwords and install only verified and trusted software on PCs.
Another worrisome development that shows cybercriminals interest in generative AI is WormGPT. This tool does not know the ethical frameworks of a ChatGPT, making it capable of aiding in malicious practices. For example, WormGPT can produce convincing BEC emails.