Thousands of OpenAI credentials found for sale on the dark web

Carelessness is exposing OpenAI passwords

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Interest in artificial intelligence tools on the dark web has spiked as cybercriminals look to get their hands on users’ sensitive data, experts have warned.

Figures from threat exposure management company Flareidentifiedmore than 200,000OpenAIcredentials for sale on the dark web, each with the potential of enabling a hacker to pry open company secrets and personal information.

To blame for the exposure of these credentials is info-stealingmalware, the logs of which likely include even more information that was not intended to be viewed by others.

Your ChatGPT login could be for sale

While the number of at-risk credentials is insignificant in comparison to the number of users (an estimated 100 million forChatGPT), the figure is up from the approximately101,000 credentials that were identifiedtucked away inside the logs of info-stealing malware earlier in June.

These are the best identity theft protection tools around>USB drive malware is on the rise, so watch out>This newly-discovered malware targets Windows to steal sensitive data

At the same time, a malicious ChatGPT alternative that has been trained using data about malware has been gaining popularity. With a few simple prompts, screenshots show the AIchatbotgenerating convincing-looking attacks that threat actors could use to share with victims via emails, ads, or web pages.

In response to previous cases of dark web-hosted credentials, OpenAI toldTom’s Hardware:

“OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Rather than a flaw in OpenAI’s system, victims are having their credentials exposed via info-stealing malware that could be coming from a range of entry points, including fake ads and scam emails designed to plant malware on host devices.

Flare recommends that those who consider themselves to be at risk conduct regular dark web monitoring and to use the most up-to-dateendpoint protection software, many of which in recent months have been given AI boosts to improve detection. Companies are also urged to practice good Internet hygiene and to refresh staff training periodically.

ViaBleeping Computer

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption