A working phone number, an email, and an internet connection. That’s all you need to create an OpenAI ChatGPT account. The process is quick and simple, and you can create multiple accounts if you want to. But hackers are putting in enormous resources to steal ChatGPT accounts, even the free ones.
So what for? Why are ChatGPT accounts becoming a major attraction for hackers? What’s the reason behind the sudden surge in stolen ChatGPT accounts?
Why Are ChatGPT Accounts Being Hacked?
An investigation report by cybersecurity research firm, Group-IB has revealed that over 100,000 ChatGPT accounts have been compromised at the time of writing, and are being pawned off in covert black markets. The accounts which were stolen in a non-selective hacking campaign are typically compromised by threat actors using info stealer malware, some of which has been sitting in their victim’s computers even before the launch of ChatGPT.
So why are hackers going after ChatGPT accounts, and why are people willing to pay for these stolen accounts?
Stealing Sensitive Information
At first, losing your ChatGPT account doesn’t seem like something you should be worried about. But it is. Sure, if you lose a free account, you can create another within a few minutes. But what about the data it contains?
Remember that time you asked ChatGPT to suggest a strong password for your Gmail account? Or that time you used ChatGPT to process a confidential work document? How about the numerous times that you’ve asked the chatbot personal questions that can reveal a lot about your identity?
ChatGPT accounts may contain sensitive information that could be dangerous in the hands of malicious actors. As the chatbot becomes intricately woven into almost every aspect of our digital life, it becomes much more of a gold mine of personal data. This is one of the reasons hackers are gunning for as many of them as they can get their hands on. At the very least, this could lead to phishing attacks; it could lead to more serious issues, however, like identity theft.
Aware of such threats, companies like Google and Samsung—as well as Microsoft, a major backer of OpenAI—have all either warned or explicitly banned their staff from sharing company data with the AI chatbot. The fact that these companies are issuing such warnings means that mistakes might already be happening.
Reselling ChatGPT Accounts
While most of the world can access the ChatGPT website, some countries are officially banned from the platform. At the time of writing, China, with more than a billion potential users, is on this list. While residents from banned countries can use a VPN and other measures to bypass this restriction, buying cheap, stolen premium accounts is also appealing. This naturally creates a market for stolen ChatGPT Plus accounts, some of which are auctioned off to more than one user. With a readily available market, hackers are naturally incentivized to steal ChatGPT accounts.
How to Protect Your ChatGPT Account
Since ChatGPT accounts have become a prime target for hackers, how can you protect your ChatGPT account? Here are two ways to stay safe.
1. Set Up Two-Factor Authentication (2FA) on Your Account
Multi-factor authentication like 2FA is the gold standard for securing your online accounts; your ChatGPT account is no exception. Here’s how to set up 2FA for your ChatGPT account:
- Tap your account name in the bottom right of your ChatGPT chat interface.
- Tap Settings > Data controls and then Enable beside Enable two-factor authentication to turn on the feature for your account
Unfortunately, at the time of writing, the 2FA feature has been temporarily disabled. If you can access the feature at the time of reading this, turn it on. If not, check back and turn it on whenever OpenAI restores this vital feature.
2. Clear Your ChatGPT Conversations
As secure as it is, two-factor authentication is not a fool-proof security measure. To ensure that the sensitive information you’ve shared in your ChatGPT conversations doesn’t fall into the wrong hands, regularly clear your saved ChatGPT conversations. To do this:
- Tap your account name in the bottom left corner of your ChatGPT interface.
- Go to Clear Conversations > Confirm clear conversations to delete all your saved conversations.
Protect Your ChatGPT Accounts From Hackers
While the threat of losing your ChatGPT account might not seem like something to lose sleep over, losing it to malicious actors could be a big problem. ChatGPT should receive the same level of attention you give to other sensitive accounts like your email, especially if you use it for a wide range of personal tasks. Don’t be caught unaware: take the necessary steps to protect your ChatGPT account and yourself.