225,000 reasons for OpenAI to Reenable 2FA or GPT Accounts for Sale on the Darknet (and how to try and remediate)
225,000 compromised OpenAI ChatGPT credentials have been circulating on the Darknet, marking a significant cybersecurity concern that has persisted for over a year. This trend, initially highlighted in January 2023, underscores the continuous efforts of cybercriminals to exploit digital vulnerabilities.
As of 2024, reflecting on the past 14 months since these breaches were first identified, the persistence of this threat highlights the importance of robust cybersecurity practices. The period during which these credentials were actively sold, spanning nearly ten months, emphasizes the urgency for vigilant security measures among users and organizations. Group-IB’s Hi-Tech Crime Trends 2023/2024 report and additional findings on The Hacker News provide insight into this trend.
According to Group-IB, a global leader in cybersecurity, over 225,000 logs containing compromised OpenAI ChatGPT credentials were identified for sale on the dark web from January to October 2023. These findings highlight the persistent threat of cybercrime and the evolving tactics of cybercriminals targeting AI technologies. Like the locksmith and the thief, or light and dark, the contest between cybercriminal and gatekeeper is a perpetual battle.
As reported by Bleeping Computer, the exposed credentials were unearthed within logs tied to notorious information-stealing malware like LummaC2, Raccoon, and RedLine. Such malware has been a tool for cybercriminals to harvest and sell sensitive data on underground markets.
Group-IB’s Hi-Tech Crime Trends 2023/2024 report noted a significant increase in infected devices between August and September 2023. This trend underlines the dynamic nature of cyber threats and the critical need for adaptive cybersecurity measures.
From June to October 2023, the number of compromised unique hosts with access to OpenAI’s ChatGPT saw a 36% increase from the earlier part of the year. Group-IB’s analysis, detailed on their official website, reveals LummaC2, Raccoon, and RedLine as the leading malware families responsible, with LummaC2 accounting for the largest share of compromised hosts.
This surge in stolen ChatGPT credentials is attributed to the overall rise in hosts infected by information stealers, whose logs are then sold on underground markets or via unregulated chat lists (UCLs), posing significant risks to both individuals and organizations. The rise in stolen credentials aligns with warnings from Microsoft and OpenAI regarding the potential misuse of AI and large language models (LLMs) by nation-state actors, as highlighted in reports on The Hacker News.
IBM X-Force’s 2024 X-Force Threat Intelligence Index further contextualizes this evolving threat landscape, indicating the growing sophistication of cyber threats as technology advances. The theft and sale of ChatGPT credentials are critical vulnerabilities that necessitate strengthened cybersecurity measures and awareness of current cybercrime trends.
Steps to Remediate and Secure Your ChatGPT Account
Given these security breaches, immediate action is essential to secure ChatGPT accounts. Unfortunately, as we pointed out before, ChatGPT currently doesn’t allow you to enable 2FA or multifactor authentication. So, what can we do? Let’s get into that.
Export Your Data
You don’t want to lose the stuff you were working on, so the first step is to export everything to your computer. To start the process of preserving a copy of your interactions with ChatGPT:
Go to your account icon at the bottom left of the screen; you should see “Settings” when you click that.
Click on “Settings”, and you will see “Data Controls” on the left side.
Click the “Export” button; a message will tell you that you will get all your data.
We want to export our data, so click “Confirm Export”. After a while (it could be anywhere between 10 minutes and a day), you will get an email from OpenAI with a zip file, and inside it will be all of your data. Once this is done, you can move on to part two.
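Before deleting anything, it is worth knowing whether the exported history contains secrets that now need rotating, since anyone holding the stolen login could have read the same conversations. The Python script below is an added example, not part of the original article and not an OpenAI tool; it assumes only that the export is a zip of text files, and its patterns, file names and sample values are constructed for illustration.

```python
import io
import re
import zipfile

# Illustrative patterns for common secret formats (assumed for this example, not exhaustive).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*\S{6,}"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}"),
}
TEXT_SUFFIXES = (".json", ".html", ".txt", ".md", ".csv")


def scan_export(zip_source, max_member_bytes=50 * 1024 * 1024):
    """Return sorted (member, pattern, count) tuples; matched values are never returned."""
    findings = []
    with zipfile.ZipFile(zip_source) as archive:
        for info in archive.infolist():
            # Only text-like members are scanned; binary attachments are ignored.
            if info.is_dir() or not info.filename.lower().endswith(TEXT_SUFFIXES):
                continue
            # Refuse to inflate unexpectedly large members into memory.
            if info.file_size > max_member_bytes:
                findings.append((info.filename, "skipped_too_large", 0))
                continue
            text = archive.read(info).decode("utf-8", errors="replace")
            for name, pattern in PATTERNS.items():
                count = len(pattern.findall(text))
                if count:
                    findings.append((info.filename, name, count))
    return sorted(findings)


def build_sample_export():
    """Constructed sample archive; file names and contents are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("chat_history.json",
                         '[{"title": "deploy help", "text": "key AKIAABCDEFGHIJKLMNOP, '
                         'db password = hunter2hunter2"}]')
        archive.writestr("notes.txt", "nothing sensitive here")
        archive.writestr("image.png", b"\x89PNG AKIAABCDEFGHIJKLMNOP")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, kind, count in scan_export(build_sample_export()):
        print(f"{member}: {kind} x{count}")
```

To use it on a real export, pass the path of the downloaded zip to `scan_export` and rotate every credential type it reports.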
Delete Conversations
Delete all conversations in your ChatGPT account after exporting your data to minimize risk.
Start the same way: click your account icon at the bottom left and go to “Settings” once again. Under Settings, you will see a red button that says “Delete ALL”. Click it and confirm the deletion.
Update Passwords
Use a robust and unique password for your ChatGPT account to prevent unauthorized access. No doubt, at this point, you can figure out how to go about doing this.
These measures are crucial for mitigating identity theft risks and securing your digital footprint against further breaches. Updating security settings and staying informed about potential cyber threats can foster a safer digital environment.