Connect with us

Malware

Breaking News: Massive Cyber Attack on ChatGPT – Over 100,000 User Accounts Compromised by Malicious Malware

A new malware strain can steal sensitive information from popular chatbot platforms, including ChatGPT. Researchers from cybersecurity firm Group-IB discovered the malware on a hacker forum, where it was being sold for $200. The malware can exfiltrate chat logs, user data and tokens, and other sensitive information stored on the infected machine. Over 100,000 ChatGPT accounts have reportedly been compromised by the malware.

Published

on

Breaking News: Woman's head compromised by Malicious Malware on pink and purple background.

According to data from dark web marketplaces, more than 101,000 ChatGPT user accounts have fallen victim to information-stealing malware over the past year.

Group-IB, a cyberintelligence firm, has identified over a hundred thousand info-stealer logs containing ChatGPT accounts on various underground websites. The peak of these attacks was observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.

The Asia-Pacific region was the most targeted, with almost 41,000 compromised accounts between June 2022 and May 2023, followed by Europe with nearly 17,000, and North America with 4,700.

Victims distribution
Victims distribution (Group-IB)

Information stealers are a type of malware that targets account data stored on applications such as email clients, web browsers, instant messengers, gaming services, and cryptocurrency wallets. These malware types are known for stealing credentials saved to web browsers by extracting them from the program’s SQLite database and abusing the CryptProtectData function to reverse the encryption of the stored secrets. The credentials and other stolen data are then packaged into archives called logs and sent back to the attackers’ servers for retrieval.

ChatGPT accounts, alongside email accounts, credit card data, cryptocurrency wallet information, and other more traditionally targeted data types, signify the rising importance of AI-powered tools for users and businesses. With ChatGPT allowing users to store conversations, accessing one’s account could mean gaining insights into proprietary information, internal business strategies, personal communications, software code, and more.

“Many enterprises are integrating ChatGPT into their operational flow,” comments Group-IB’s Dmitry Shestakov. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”

Due to these concerns, tech giants like Samsung have banned staff from using ChatGPT on work computers, going as far as threatening to terminate the employment of those who fail to follow the policy.

Group-IB’s data indicates that the number of stolen ChatGPT logs has grown steadily over time, with almost 80% of all logs coming from the Raccoon stealer, followed by Vidar (13%) and Redline (7%).

Compromised ChatGPT accounts
Compromised ChatGPT accounts (Group-IB)

If you input sensitive data on ChatGPT, consider disabling the chat saving feature from the platform’s settings menu or manually delete those conversations as soon as you are done using the tool. However, it should be noted that many information stealers snap screenshots of the infected system or perform keylogging, so even if you do not save conversations to your ChatGPT account, the malware infection could still lead to a data leak.

Unfortunately, ChatGPT has already suffered a data breach, where users saw other users’ personal information and chat queries. Therefore, those working with extremely sensitive information shouldn’t trust inputting it on any cloud-based services, but only on secured locally-built and self-hosted tools.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Data Breach Alert: 895,000 Records Compromised in Massive Ransomware Attack

Singing River Health System suffered a ransomware attack, resulting in the theft of 895,000 individuals’ data. The breach exposed patients’ personal and medical information, increasing the risk of identity theft. Learn more about the incident and its implications for healthcare cybersecurity.

Published

on

Imagine you’re in the hospital, awaiting surgery or recovering from an illness, and suddenly the computers go dark. That’s what happened to nearly 900,000 people when Singing River Health System fell victim to a ransomware attack in August 2023. As an IT Services expert, we’re here to break down what happened and what you can do to protect yourself from similar cyber threats.

The Attack on Singing River Health System

Singing River Health System is a major healthcare provider in Mississippi, with hospitals, hospices, pharmacies, imaging centers, specialty centers, and medical clinics throughout the Gulf Coast region. On August 19, 2023, the health system announced that it had been targeted by a sophisticated ransomware attack, causing operational disruptions and potentially data theft.

Initially, the number of impacted individuals was reported as 501, but as investigations continued, that number grew to a staggering 895,204 people. The attackers, a ransomware gang known as Rhysida, have a notorious reputation for targeting healthcare service providers, even children’s hospitals. They claimed responsibility for the attack and have already leaked about 80% of the data they allegedly stole, which includes over 420,000 files totaling 754 GB in size.

What Data Was Exposed?

According to Singing River’s latest update, the exposed data includes:

  • Full name
  • Date of birth
  • Physical address
  • Social Security Number (SSN)
  • Medical information
  • Health information

Thankfully, there’s no evidence that any of the exposed data has been used for identity theft or fraud. However, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX to all affected individuals.

What Can You Do to Protect Yourself?

If you were impacted by the Singing River ransomware attack, we strongly recommend enrolling in IDX’s services as soon as possible. Additionally, take these precautions:

  • Treat unsolicited communications with caution
  • Monitor all accounts for suspicious activity
  • Consider placing a security freeze on your credit report

Remember, cyber threats are constantly evolving, and it’s essential to stay informed and proactive.

Stay Safe and Informed with IT Services

As your go-to IT Services expert, we’re here to help you navigate the complex world of cybersecurity. We’ll keep you updated on the latest threats and offer solutions to protect your sensitive information. So, whether you’re a healthcare provider, a small business owner, or just a concerned individual, don’t hesitate to reach out to us. Together, we can stay one step ahead of cyber criminals.

Continue Reading

Malware

Helsinki Hit by Data Breach: Hackers Exploit Unpatched Vulnerability

Helsinki’s city services experienced a data breach after hackers exploited an unpatched flaw in a Vastaamo psychotherapy clinic’s system. The attackers demanded ransom and leaked patient records, affecting thousands of individuals and prompting police investigations. Ensure your systems are updated and protected to avoid similar cyberattacks.

Published

on

Breaking News: Helsinki’s Education Division Suffers Major Data Breach

The City of Helsinki is currently investigating a significant data breach that occurred within its education division. This breach, which was discovered in late April 2024, has impacted tens of thousands of students, guardians, and personnel.

What Happened?

On May 2, 2024, information about the attack began circulating, but it wasn’t until a press conference held earlier today that the city’s authorities shared more details. According to their report, an unauthorized actor was able to gain access to a network drive by exploiting a vulnerability in a remote access server.

Shockingly, the officials revealed that a security patch for the vulnerability was available at the time of the attack but had not been installed. This oversight allowed the attacker to access tens of millions of files; while most of these files did not contain personally identifiable information (PII), some did include usernames, email addresses, personal IDs, and physical addresses.

The Stakes Are High

Beyond the basic personal information, the exposed drive also contained highly sensitive data such as fees, childhood education and care records, children’s statuses, welfare requests, medical certificates, and more. Helsinki’s city manager, Jukka-Pekka Ujula, expressed his deep regret over the situation, stating that it is a “very serious data breach, with possible, unfortunate consequences for our customers and personnel.” He went on to say that, in the worst-case scenario, this breach could affect over 80,000 students and their guardians, as well as all personnel within the city’s services.

What’s Being Done?

Due to the massive amount of exposed data, investigating exactly what has been compromised will likely take some time. In the meantime, the City of Helsinki has notified the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre as required.

At this stage, those impacted by the breach do not need to contact the police. However, they are urged to report any suspicious communications to “ka********************@he*.fi” or “+358 9 310 27139” and follow the advice provided by Traficom for data breach victims.

Who’s Behind the Attack?

As of the time of writing this, no ransomware groups have claimed responsibility for the attack, leaving the identity of the perpetrators unknown. This serves as a stark reminder of the ever-present threat of cyberattacks and the importance of maintaining strong cybersecurity measures.

Stay Informed and Stay Safe

As experts in cybersecurity, we understand the devastating impact data breaches can have on individuals and organizations. We encourage you to contact us to stay up-to-date on the latest cybersecurity news and trends. Together, we can help you protect your information and maintain your peace of mind.

Continue Reading

Malware

Australia’s Top Non-Bank Lender Issues Dire Warning of Massive Data Breach

Australian non-bank lender Firstmac has warned customers of a potential data breach. The mortgage provider discovered unauthorized access to its client relationship management system. Firstmac urged clients to remain vigilant and monitor their accounts, while assuring that no financial data was compromised. The company is working with cybersecurity experts to investigate the incident.

Published

on

Firstmac Limited, a major player in Australia’s financial services industry, recently experienced a data breach. Just one day after the new Embargo cyber-extortion group claimed to have stolen over 500GB of data from the company, Firstmac began warning customers of the incident.

With a focus on mortgage lending, investment management, and securitization services, Firstmac is headquartered in Brisbane, Queensland. The company has issued 100,000 home loans and currently manages $15 billion in mortgages, employing 460 people.

Recently, we came across a sample of the notification letter sent to Firstmac customers, which detailed the severity of the data breach.

Tweet

The letter explained that an unauthorized third party accessed part of Firstmac’s IT system. Upon detecting the incident, the company immediately took steps to secure their system.

Following an investigation conducted with the help of external cybersecurity experts, Firstmac confirmed that the following information was compromised:

  • Full name
  • Residential address
  • Email address
  • Phone number
  • Date of birth
  • External bank account information
  • Driver’s license number

Despite the breach, Firstmac assured customers that their accounts and funds remain secure, and the company has since strengthened its systems.

Among the security measures introduced is a new requirement for all account changes to confirm the user’s identity using two-factor authentication or biometrics. Customers who received the notice are also provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.

New Embargo gang claimed the attack

Australian news outlets reported about the attack on Firstmac in late April after the Embargo extortion group announced it on its data leak site.

On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.

Embargo leak
Embargo leak of Firstmac data
Source: IT Services

The new threat group currently only lists two victims on its extortion page, and it’s unclear whether they committed the breaches themselves or bought the stolen data from others to blackmail the owners.

Samples of Embargo encryptors have yet to be found, so it’s unknown if they are a ransomware group or simply focus on extortion.

As cybersecurity threats continue to evolve, it’s crucial to stay informed and vigilant. We encourage you to keep coming back to learn more about the latest developments in cybersecurity and how you can better protect your personal information. Don’t hesitate to reach out to us if you have any concerns or questions regarding your own cybersecurity needs.

Continue Reading

Trending

Copyright © 2023 IT Services Network.