'ChatGPT premium accounts were stolen and sold on the dark web'

Check Point said that since March this year, there has been an increase in discussions and transactions related to ChatGPT on the dark web.

Check Point said in a blog post: “Last month, we observed discussions on underground forums related to leaking or selling compromised ChatGPT premium accounts. Increased. Most of the stolen accounts are sold, and some hackers will also share stolen ChatGPT premium accounts for free to promote their own services or tools to steal accounts."

Several cases surrounding ChatGPT Criminal Activity

Over the past month, researchers have observed various discussions and transactions related to ChatGPT on the dark web.

In the case of ChatGPT, the latest activity on the dark web includes leaks and free releases of credentials for ChatGPT accounts, as well as transactions for stolen premium ChatGPT accounts.

Cybercriminals are still using brute force and inspection tools to steal ChatGPT accounts. These tools enable cybercriminals to compromise ChatGPT accounts by running through large lists of email addresses and passwords, trying to guess the correct combination to access existing accounts.

Check Point said in its blog that some cybercriminals also offer ChatGPT Accounts as a Service, a service that specifically provides ChatGPT premium accounts, possibly using stolen payment cards.

SilverBullet configuration files for sale

Check Point said cybercriminals also sell SilverBullet configuration files that allow an automated way to check a set of credentials for the OpenAI platform.

SilverBullet is a web test suite that enables users to perform requests to target web applications. Cybercriminals also use the same method to conduct credential stuffing and account check attacks on different websites to steal accounts from online platforms.

Researchers said that, taking ChatGPT as an example, this allowed them to steal accounts on a large scale. The process is fully automated and can initiate 50 to 200 checks per minute. Furthermore, it supports proxy implementations, which in many cases can bypass different protection measures on websites.

Check Point company said: "For example, there is a cybercriminal who focuses on the abuse and fraud of ChatGPT products and even calls himself 'GPT-4'. In his posts, he not only sells ChatGPT accounts , also provides the configuration of another automated tool for checking the validity of credentials."

Lifetime upgrade to ChatGPT Plus

Check Point said a cybercriminal on March 20 Claims to provide ChatGPT Plus lifetime account service and guarantees 100% satisfaction.

Lifetime upgrades to regular ChatGPT Plus accounts cost $59.99 for buyers via email, while OpenAI’s original pricing for the service was $20 per month.

Check Point said: "To keep costs down, this underground service also offers the option to share access to a ChatGPT account with others for $24.99, with lifetime use."

What can be achieved using stolen ChatGPT account credentials?

There is a huge demand for stolen credentials of quality ChatGPT accounts as it helps cybercriminals transcend the geofence restrictions it imposes. ChatGPT has geo-fencing restrictions that restrict use in some specific countries and regions.

However, Check Point said that using the ChatGPT API, cybercriminals can bypass restrictions and also use paid accounts.

Another potential use for cybercriminals is to obtain personal information. ChatGPT accounts store a record of the account owner’s recent queries.

Check Point said in a blog post, "When cybercriminals steal an existing account, they can obtain query records from the original owner of the account. This may include personal information, company products and processes Details, etc."

In March this year, OpenAI, a company supported by Microsoft, revealed that a vulnerability in the Redis client open source library caused ChatGPT interruption and data leakage, and users could see other users' personal information and chat query records. .

The company admitted that about 1.2% of ChatGPT Plus users had their chat queries and personal information such as usernames, email addresses, payment addresses and some credit card information compromised.

Privacy Issues About ChatGPT

Over the past few months, various privacy and security issues have arisen surrounding ChatGPT. Italy’s data privacy watchdog has banned the ChatGPT chatbot from collecting and storing personal data due to alleged privacy violations. Authorities said they would lift the temporary ban on ChatGPT if the company meets a series of data protection requirements by April 30.

The German Data Protection Commissioner also warned that ChatGPT may face potential obstacles in Germany due to data security issues.

At the same time, OpenAI recently launched a bug bounty program, inviting global security researchers, ethical hackers and technology enthusiasts to help the company identify and remedy vulnerabilities in its generated artificial intelligence systems.

OpenAI will provide cash rewards, ranging from $200 to $20,000 for discovering vulnerabilities.

The above is the detailed content of 'ChatGPT premium accounts were stolen and sold on the dark web'. For more information, please follow other related articles on the PHP Chinese website!