Stolen ChatGPT accounts for sale on the dark web

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Hundreds of thousands of stolen login credentials for ChatGPT are being listed for sale on dark web markets, security researchers have warned.

Cyber security firm Flare discovered over 200,000 OpenAI logins on the dark web – a section of the internet unreachable through conventional web browsers – offering criminals a way to access users’ accounts or simply use the premium version of the AI tool for free.

The Independent has reached out to OpenAI for further information and comment. The AI firm previously defended its security practices after a smaller batch of credentials were discovered online.

“OpenAI maintains industry best practices for authenticating and authorising users to services including ChatGPT,” a spokesperson said last month. “We encourage our users to use strong passwords and install only verified and trusted software to personal computers.”

The listings come amid a surge in interest in generative artificial intelligence from malicious actors, with discussions about ChatGPT and other AI chatbots flooding criminal forums.

Research published in March found that the number of new posts about ChatGPT on the dark web grew seven-fold between January and February this year.

Security firm NordVPN described the exploitation of ChatGPT as “the dark web’s hottest topic”, with cyber criminals seeking to “weaponise” the technology.

Among the topics under discussion were how to create malware with ChatGPT and ways to hack the AI tool to make it carry out cyber attacks.

Earlier this month, researchers discovered a ChatGPT-style AI tool with “no ethical boundaries or limitations” called WormGPT.

It was described as ChatGPT’s “evil twin”, allowing hackers to perform attacks on a never-before-seen scale.

“ChatGPT has carried out certain measures to limit nefarious use of its application but it was inevitable that a competitor platform would soon take advantage of using technology for illicit gain,” Jake Moore, an advisor at the cyber security firm ESET, told The Independent.

“AI chat tools create a powerful tool but we are wandering into the next phase which casts a dark cloud over the technology as a whole.”