According to a report by Group-IB, the data of approximately 100,000 individuals in India was compromised due to a hacking incident affecting their ChatGPT accounts.
The interest in ChatGPT, from all corners of the web, has been evident for the past several months. Powerful tools such as these are always going to attract users with both good and bad intentions.
For example, Sophos X-Ops have identified “fleeceware” apps on both the Apple and Google app stores. These apps charge subscription fees for what is available as a free product.
“We have also recently seen evidence that cybercriminals are using ChatGPT to craft phishing lures. Getting access to paid accounts, which removes some restrictions, raises rate limits, and uses the most current models is something that would be attractive to would-be thieves,” John Shier, Field CTO - Commercial, Sophos, said.
Once data has been publicly released, there’s not much a user can do to claw it back. In the case of user accounts, immediately changing the password and turning on multi-factor authentication (MFA) can possibly evict the imposters and prevent future compromise.
OpenAI accounts support MFA, but only for legacy enrolments. As of 12 June 2023, OpenAI have paused new MFA enrolments. This is concerning, both because MFA should be the default for a modern service and because of the increased attention from cybercriminals.