100K+ Infected Devices Leak ChatGPT Accounts to the Dark Web

Published: 23/11/2024   Category: security



Infostealers are as alive as ever, wantonly sweeping up whatever business data might be of use to cybercriminals, including OpenAI credentials.



In the last year, at least 100,000 devices infected by various infostealer malware strains have leaked ChatGPT credentials to the Dark Web.
Infostealers can collect just about anything: information about a target machine, cookies and browser histories, documents, and so on. More often than not, hackers profit off of this kind of bounty not just by utilizing it themselves, but by reselling it on the Dark Web. For example, online marketplaces regularly traffic in logs that contain victims' account credentials for popular applications.
From June 2022 through last month, cybersecurity firm Group-IB tracked how many of these for-sale logs expose ChatGPT accounts. In total, it counted 101,134.
The malware overwhelmingly responsible for these leaks was Raccoon, the infamous Russian-designed tool first discovered in 2019. The Raccoon operation briefly shut down early last year after the death of its creator, only to come back new and improved three months later. Since then, it has been responsible for at least 78,348 devices leaking ChatGPT credentials.
Besides Raccoon, the researchers tracked 12,984 GPT-laden logs attributed to Vidar and 6,773 to Redline.
In the entire sample, fewer than 5,000 infected devices were traced to North America. A plurality originated in the Asia-Pacific, with the biggest offenders being India (12,632) and Pakistan (9,217). Other countries with many exposed ChatGPT credentials included Brazil (6,531), Vietnam (4,771), and Egypt (4,558).
Last December — the first month ChatGPT was made available to the public — the researchers tracked 2,766 Dark Web stealer logs containing compromised accounts. That number surpassed 11,000 the following month and doubled two months after that. By May, the figure was up to 26,802.
In other words, the trendline is clearly only moving in one direction.
But ChatGPT credentials are almost beside the point, says Mike Parkin, senior technical engineer at Vulcan Cyber. Infostealers can be an issue, at least in part, because they're not as outwardly destructive as, say, ransomware, which is hard to miss. A well-obfuscated infostealer can be much harder to detect, precisely because it doesn't make itself known.
Because organizations can more easily miss infostealers than certain other kinds of malware, they're liable to realize their sensitive data is gone only after it's too late.
Depending on the strain of information stealer, hackers can be gathering everything from application and Web credentials to personal information, stored files, and system configurations. Organizations that have these malware infections in their environment could face having intellectual property, company financials, and pretty much any other data that lands on infected systems exposed, Parkin says.
As long as infostealers continue to run rampant, ChatGPT credentials will be the least of anybody's worries. The real question, Parkin asks, is what kind of data isn't being leaked by these kinds of malware?
