There has been an uptick in the trade of stolen premium ChatGPT accounts on the dark web, according to Israeli cybersecurity firm Check Point.
The stolen accounts market on the dark web usually revolves around social media accounts, financial accounts, emails, and other personal accounts. However, there’s a growing market for stolen ChatGPT accounts.
Check Point said there has been “an increase in discussion and trade of stolen ChatGPT accounts” since March.
Cybercriminals are not only selling stolen premium ChatGPT accounts, but some are leaking stolen credentials for free. Sellers are also shopping tools to hack ChatGPT accounts and offering to open ChatGPT accounts at a cost (most likely using stolen credit cards).
The Market for Stolen ChatGPT Accounts
Check Point’s report includes screenshots showing ads for stolen ChatGPT accounts on dark web forums.
“Mostly those stolen accounts are being sold, but some of the actors also share stolen ChatGPT premium accounts for free, to advertise their own service or tools to steal accounts,” Check Point said.
Check Point observed one instance of a cybercriminal offering a “ChatGPT Plus lifetime account service, with 100% satisfaction guaranteed” for $59.99. If buyers share access to the account with another user, the price drops to $24.99.
Check Point also highlighted the sale of account checkers and tools used to brute-force ChatGPT accounts. One of these hacking tools — SilverBullet — is “frequently used by cybercriminals to conduct credential stuffing and account checking attacks against different websites, and thus steal accounts for online platforms,” the report explained.
Cybercriminals even offer “configuration files” that make it possible to automate hijacking accounts with SilverBullet, and “steal accounts on scale.” SilverBullet supports “proxy implementation” — akin to a VPN — allowing criminals to circumvent websites’ security systems.
Richard Stiennon, a research analyst at IT-Harvest, told VPNOverview that while the sale of stolen ChatGPT accounts is disturbing, the sale of stolen API keys is even more concerning. ChatGPT API keys allow developers to create applications using OpenAI’s models and data.
In February, Check Point revealed that cybercriminals are using OpenAI API to bypass the limitations and barriers to accessing ChatGPT.
Stolen API keys “could generate thousands of dollars in charges to the account holder,” Stiennon said.
How to Protect Your ChatGPT Account
Losing your ChatGPT account can have far-reaching consequences. When “cybercriminals steal existing accounts, they gain access to the queries from the account’s original owner,” Check Point said. “This can include personal information, details about corporate products and processes, and more.”
In February, cybersecurity firm Cyberhaven released a report revealing that employees at large companies repeatedly shared confidential data with ChatGPT several hundred times in a span of two months.
You can protect your ChatGPT account by using a secure password and avoiding any interaction with phishing emails. We recommend using a randomized password that’s at least 18 characters. A password manager can help you generate and store a highly secure password.
Remember, ChatGPT records your inputs to expand its AI model. So, never share confidential or personal information with the chatbot.
