Why Are Hackers Targeting ChatGPT Accounts And How To Protect Yourself

Uncover the rising threat to ChatGPT accounts from hackers, learn about the malware they use, and discover effective strategies to safeguard your data and privacy.

While the popularity of ChatGPT and other generative AI continues to soar, so does the interest of hackers and fraudsters in these technologies. Meta even found a spike in cases of malware pretending to be ChatGPT and similar AI software.

In its report, Meta said that since March 2023, its security researchers found 10 types of malware that use ChatGPT and similar services to spread malicious software to user devices.

Meta said the hackers who spread the DuckTail malware are now turning to ChatGPT to lure their victims. This malware can steal cookies on the browser and information from the victim's Facebook account, such as account information, location data, and 2FA codes. This malware also allows hackers to hijack Facebook Business accounts that victims can access.

This company, made by Mark Zuckerberg, also discovered a new malware called NodeStealer last January. Like DuckTail, this malware targets Windows-based browsers to steal cookies and stored login information to hijack Facebook, Gmail, and Outlook accounts.

Meta says it found more than 1,000 unique URLs offering malware pretending to be ChatGPT. Thousands of these links have also been blocked, so they cannot be distributed on Facebook, WhatsApp, and Instagram.

To prevent business Facebook accounts from being targeted by hackers, Meta will roll out a new feature to help businesses detect and remove malware.

Meta is also planning to release a new account type for businesses called 'Meta Work'. This account will make accessing Facebook Business Manager tools easier without a personal Facebook account.

More Than 100,000 Accounts Are Affected

Over 100,000 ChatGPT accounts were affected, and their data were sold on the dark web. IB, a Cybersecurity firm, concluded that around 100,000 logs and text containing users’ personal information were widely spread on underground sites.

However, the case doesn’t show a sign of decreasing. In fact, in 2023 alone, more than 26,000 accounts got hacked. According to a report from last year, Asia Pacific was the most compromised region, with more than 40,000 accounts hacked from the middle of 2022 to May 2023.

Africa came second with 24,925 accounts, later followed by Brazil and Pakistan.

The company mentioned that these many cases happened because hackers utilized Raccoon malware. And the way it works is similar to other types of malware, which steal users’ data from the inside after downloading specific files containing the malware.

Another possibility comes from the ChatGPT itself. Just recently, ChatGPT released a feature to save conversation history. If hackers could get their hands on this, they could also possibly check for leaked sensitive information.

With more and more companies integrating ChatGPT into their operational system, the risks got even more significant. Employees started to use it as their daily tool, and with more sensitive information “shared” there, the higher the possibility that the hackers could do their ways to breach the system.

Now, for those who don’t want ChatGPT to record their conversations, there’s an option to turn this feature off, which you can find right in the settings. If you have any previous conversations recorded, delete each of them manually.

However, you need to note that if the malware has infected your system, hackers could plant a keylogger inside, which will record any of your typing that can later be transcribed into text. So to make you better protected, never share any personal information on ChatGPT, even the smallest bit.

There are plenty of ways you can do to make yourself better protected, like installing a VPN, for example. VPN has been known to be one of the most effective ways to keep your personal information intact. You can strengthen Wi-Fi security with VPN, as long as the service is reputable and dependable. Other than using a VPN, you can also do other things to make you better protected, which we’ll explain below.

What You Need to Do

The first thing you need to do once you find out that your account has been infected is clean your device entirely from malware by using anti-malware software along with the anti-virus. The software will scan your whole storage and immediately eliminate the threat after it has been found.

You can also disable the history of your ChatGPT. Most users would forget that ChatGPT will record the conversations and put them into tabs that you can see on the left pane of the screen. So, try to check each of them and delete them.

Basic protection steps like keeping your password and username are also helpful for this case. Keep your ChatGPT account as fiercely as in the same way you keep your bank account. Remember what you share on ChatGPT; never input sensitive information about yourself there.

Last updated