Group-IB, a global cybersecurity leader headquartered in Singapore, revealed that in the last year, the credentials of 2,464 ChatGPT users from Bangladesh were breached through info-stealing malware in devices.
In a media report published on Tuesday, the cybersecurity company's Threat Intelligence platform reported that a total of 101,134 accounts were compromised globally, with 26,802 incidents occurring in May 2023 alone.
The Asia-Pacific region experienced the highest impact, with 40,999 compromised accounts.
Bangladesh stood at the 10th position in terms of the number of compromised ChatGPT credentials between June 2022 and May 2023.
On the other hand, India ranked first with 12,632 compromised ChatGPT accounts.
The other countries that were susceptible to compromised data were Pakistan, ranking 2nd in the list, Brazil, ranking 3rd, Vietnam, Egypt, United States, France, Morocco and Indonesia.
According to experts from Group-IB, an increasing number of employees are utilizing the chatbot to enhance their work efficiency in software development and business communications.
It is important to note that ChatGPT retains a record of user queries and AI responses.
As a result, info-stealing malware that has access to ChatGPT accounts could potentially expose confidential and sensitive information, creating the risk of targeted attacks against companies and their employees.
Info-stealing malware is designed to gather various sensitive information from web browsers, including saved credentials, banking details, crypto wallet data, cookies, browsing history, and more.
This collected data is then transmitted to the malware operator.
In addition to browsers, these stealers can also target instant messengers, and emails, and extract detailed information about the victim's device.
Unlike targeted attacks, info stealers operate indiscriminately, infecting numerous computers through methods like phishing to maximize data collection.
Due to their simplicity and effectiveness, info stealers have become a significant source of compromised personal information.
The logs containing the harvested data are actively traded on dark web marketplaces, often including domain lists found in the logs and information about compromised host IP addresses.
Group-IB recommended users enhance security measures for ChatGPT accounts by regularly updating passwords and enabling two-factor authentication as a precaution against potential risks.
