OpenAI says it's your fault your ChatGPT account got breached

OpenAI logo on wall
Dette AI-verktøyet lover å skulle omskape tekst til 3D-rendering på bare et par minutter – men det har sine begrensninger. (Image credit: / rafapress)

OpenAI has hit back after more than 100,000 user accounts were leaked on the dark web, with more expected to come. 

A representative from the company behind the highly popular AI writer ChatGPT told Tom's Hardware that it employs industry-standard security practices, and that the leak is "the result of commodity malware on people’s devices and not an OpenAI breach."

They added that, "We are currently investigating the accounts that have been exposed. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers."

Racoon, Vidar, RedLine

Cybersecurity firm Group-IB detailed the leak in its Threat Intelligence report, finding that the stolen credentials belonged to users who logged into ChatGPT at any point between June 2022 and May 2023, with more predicated to leak from this and following months too.

Group-IB also added that logs from May contained the highest number of compromised ChatGPT accounts, and that the Asia-Pacific region has the highest concentration of credentials up for sale. 

Additional information in the logs that contained the ChatGPT accounts include lists of domains visited and the IP addresses of the users. 

Most of the leaked credentials were found within logs that were breached using various related info stealers, one of which being the infamous Racoon, which was used to compromise 78,348 accounts. 

Racoon is particularly dangerous due to its popularity and ease of use. Threat actors can pay a subscription to use it, and there are no real technical skills required to use it. Like other info stealers, Racoon also comes with other dangerous capabilities that allow cybercriminals to launch subsequent attacks automatically.

Vidar malware was also used to steal ChatGPT accounts, although it was responsible for far less than Racoon, only used to access 12,984 accounts. RedLine malware followed with 6,773 accounts falling to its ways.

Access to the logs also means that bad actors have access to your conversation history with the chatbot too, which could be especially damaging if you are using it at work and sharing trade secrets with it.

Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.