Your ChatGPT account and conversations could be for sale on the dark web

Your ChatGPT account and conversations could be for sale on the dark web

How hackers are exploiting ChatGPT’s data and what you can do to protect yourself

by Robert Puente

AI is sweeping across industries like a wave, opening up new frontiers and leaving regulators scrambling in its wake. It’s easy to see why – with tools like ChatGPT on the rise, the line between humans and machines blurs more each day. However, just when we thought we had our hands full with job displacement debates and drafting digital policies, a new issue sneaks up – ChatGPT accounts stolen and traded off on the dark web.

Some crafty cyber thieves have found a new market, not for gold or diamonds, but for AI-powered personas. These stolen ChatGPT accounts are changing hands in shadowy digital auctions, fueling the rise of cybercrime and identity theft.

man in hood using computer

The dark side of chatting with AI

Fresh from the cyber sleuths at Singapore-based Group-IB, over 100,000 ChatGPT accounts have been hijacked by info stealing-malware and are up for grabs in the illegal bazaars of the dark web. Forty percent of these leaked accounts trace back to the Asia-Pacific region. Indian-based credentials took the dubious top spot, contributing over 12,500 to the total. The United States isn’t far behind, ranking sixth with nearly 3,000 leaked logins. France, being seventh overall, holds the unfortunate honor of being the frontrunner for Europe. It’s a stark reminder that the consequences of cybercrime ripple across borders and do not discriminate on income or profession.

graph

Credit: Group-IB Threat Intelligence

Once inside, these digital trespassers get a free pass to all the chats and data stored on the accounts. In the blink of an eye, a casual chat with your AI buddy can become fodder for some bad actor on the dark web. This serves as a reminder that your chats with your AI pal are not as safe as you may have thought, and sensitive information should never be shared with any AI-powered bots or suspicious actors you come across online.

MORE: DON’T FALL FOR THESE FAKE, MALWARE-PRODUCING CHATGPT SITES

 

Is Open AI at fault?

Now, before anyone starts pointing fingers, OpenAI isn’t the one leaving the doors unlocked. No, the breach is happening closer to home, right on our devices. Cybercriminals are using malware to trick their way in, sometimes hidden in seemingly harmless links or attachments or slipping through the cracks in outdated software. Once they’re in, they can access all sorts of data, including ChatGPT account details. But as every cloud has a silver lining, so does this digital dilemma. There are ways to navigate this storm without going under.

MORE: HOW HACKERS ARE USING CHATGPT TO CREATE MALWARE TO TARGET YOU

 

Tips to protect your digital identity

Disable chat history in ChatGPT

Every ChatGPT user can turn off their chat history feature, and here’s how to do it:

How to disable chat history in ChatGPT

  • Log into the ChatGPT website
  • On your main chat screen, click on your profile icon at the bottom left to open a pop-up menu
  • Scroll up to settings and click it
  • Tap Data Controls
  • Next to Data Controls, turn off the Chat History & Training by toggling it off. Your ChatGPT history is now disabled

Note: Even when chat history is disabled, ChatGPT will still retain new conversations for 30 days and will be used for review only in the case of abuse monitoring. After 30 days, the conversations will be permanently deleted.

Clear old ChatGPT conversations

You can also clear old ChatGPT history. Here’s how you can do that:

How to clear old ChatGPT conversations

  • Log into the ChatGPT website
  • Click on your profile picture to see a pop-up menu
  • Then click on Clear Conversations to begin removing your chats
  • Click Confirm Clear Conversations to validate your choice. Your past ChatGPT conversation history will now be fully cleared

 

Steps to take to protect yourself against identity fraud

1) Monitor your accounts

Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

 

2) Place a fraud alert

Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

 

3) Check your credit reports

Obtain a free copy of your credit report from each of the three credit reporting agencies mentioned earlier. Review the reports carefully for any suspicious or unauthorized activity. If you find any inaccuracies or signs of fraud, report them to the credit reporting agency immediately.

 

4) Freeze your credit

Consider placing a credit freeze on your credit reports. This will restrict access to your credit file, making it difficult for anyone to open new accounts using your information. Keep in mind that this may also affect your ability to apply for new credit, so weigh the pros and cons before opting for a credit freeze.

 

5) Invest in identity theft protection

If you want a service that will walk you through every step of the reporting and recovery process, one of the best things you can do to protect yourself from this type of fraud is to subscribe to an identity theft service. My top recommendation is Identity Guard.

Identity Guard will monitor personal information like your Home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 51% with my top recommendation is Identity Guard.

Read more of my review of best identity theft protection services here

 

6) Be cautious of phishing attempts

Be vigilant about emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.  Invest in antivirus software.

Read more of my reviews for best antivirus protection here

your data for sale on teh dark web

7) Enable two-factor authentication

Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

 

8) Check Social Security benefits

It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.

 

9) Request an “Identity Protection Pin” from the IRS

By requesting an “Identity Protection Pin” from the Internal Revenue Service, individuals can effectively deter any attempts of unauthorized tax filing using their personal information.

 

10) Strengthen your passwords

Ensure that you have strong, unique passwords for your online accounts. Consider using a password manager to generate and store complex passwords securely. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself.  The fewer passwords you remember, the less likely you will be to reuse them for your accounts.

One of the best password managers out there is 1Password. With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At the time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year, and you can save more with a family option which includes 5 family members for $60/year.

Get more details about my best expert-reviewed Password Managers of 2023 here.

 

11) Keep software up to date

Regularly update your operating system, antivirus software, web browsers, and other applications to ensure you have the latest security patches and protections.

MORE: BEWARE OF THE FAKE CHATGPT PLUGIN THAT’S STEALING YOUR FACEBOOK LOGIN

 

12) Create alias email addresses

Creating email aliases can help protect your information and reduce spam by using additional email addresses that forward messages to your primary address, making it easier to manage incoming communications and avoid data breaches.

My #1 pick for secure and private email is StartMail, which allows users to create unlimited, customized aliases.  You can get an Exclusive deal for CyberGuy readers: 60% off: $23.98 for first year ($2 per month, billed annually).  Includes a free 7-day trial.

Some of StartMail’s best perks include:

  • StartMail email address
  • 10 GB of email
  • Unlimited aliases
  • Access email on any device
  • Import your contacts easily
  • No ads, no tracking
  • Send encrypted emails to anyone

See my review of best secure and private email services here

Control spam – How to create a quick alias email address

 

Kurt’s key takeaways

So, there we have it. The wild, wild web isn’t just about cat videos and online shopping anymore. AI’s making a splash, and with ChatGPT’s user accounts being swiped, it seems like we’re getting a taste of the future, albeit a slightly bitter one.

The good news, though? We’re far from defenseless. Unique and complex passwords, two-factor authentication, a healthy skepticism of suspicious emails, and regular device updates are just some of the weapons in our digital armory.

This begs the question, will AI serve as a tool for or against cyber criminals? Have you used ChatGPT? Will you use the chatbot more cautiously now? Let us know by commenting below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2023 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder