According to research conducted by Check Point, the exchange of pilfered ChatGPT account login information, particularly premium accounts, has increased on the dark web since March. This practice enables cybercriminals to bypass OpenAI's geofencing restrictions and obtain unrestricted access to ChatGPT.
Criminal activities around ChatGPT
Over the course of the past month, researchers have noted different types of conversations and transactions taking place on the dark web pertaining to ChatGPT.
According to a blog post by Check Point, recent activity related to ChatGPT on the dark web involves the leakage and unauthorized distribution of ChatGPT account login information, as well as the sale of stolen premium ChatGPT accounts.
In addition, cybercriminals are trading tools such as brute forcing and checkers, which can be used to hack into ChatGPT accounts by trying multiple combinations of email addresses and passwords. Another service being offered is the creation of ChatGPT premium accounts, likely using stolen payment cards, through a dedicated account-as-a-service.
SilverBullet configuration for sale
Check Point has reported that cybercriminals are selling a configuration file for SilverBullet, which enables automated checking of a set of credentials for OpenAI's platform. SilverBullet is a web testing suite that enables users to make requests to a target web application. However, cybercriminals also utilize it to carry out attacks such as credential stuffing and account checking on various websites, with the aim of stealing accounts from online platforms.
Researchers have explained that in the context of ChatGPT, this functionality enables cybercriminals to steal accounts on a large scale. The entire process is automated, and can perform between 50 to 200 checks per minute. Furthermore, it supports proxy implementation, which often enables it to bypass various protections on websites designed to prevent such attacks.
Lifetime upgrade of regular ChatGPT Plus
On March 20th, Check Point reported that a cybercriminal who speaks English began promoting a lifetime ChatGPT Plus account service, which comes with a guarantee of 100% satisfaction. The cybercriminal is offering a lifetime upgrade to a regular ChatGPT Plus account for $59.99, which is much higher than the legitimate price of $20 per month set by OpenAI. Alternatively, the service offers a cheaper option of sharing access to the ChatGPT account with another cybercriminal for $24.99 for a lifetime, in order to reduce costs.
Stolen ChatGPT account credentials-for what use?
According to Check Point, premium ChatGPT account credentials are highly sought-after by cybercriminals due to their potential to circumvent geofencing restrictions implemented by the service, which limits access in certain regions such as China, Russia, and Iran.
By exploiting the ChatGPT API, hackers can evade these restrictions and gain access to premium accounts. Additionally, cybercriminals could potentially leverage these stolen accounts to obtain personal data, as the accounts store a history of the owner's recent queries.
Check Point stated in their blog that if cybercriminals obtain already existing accounts, they can acquire the inquiries made by the original account owner. This may comprise of private information, information regarding corporate products and operations, and additional data.
Last March, OpenAI, which is supported by Microsoft, disclosed that an open-source Redis client library bug resulted in a ChatGPT outage and data breach. This led to the exposure of personal information and chat queries of some users, where they were able to view details of other users. The exposed data included subscriber names, email addresses, payment addresses, and partial credit card information, affecting roughly 1.2% of ChatGPT Plus subscribers, according to the company's admission.