Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

SIGN IN / UP

AI + ML

Cybercrims hop geofences, clamor for stolen

ChatGPT Plus accounts
Where there's a will…

Jessica Lyons Hardcastle Sat 15 Apr 2023 // 18:55 UTC

The market for stolen ChatGPT accounts, and especially Plus subscriptions, is on the rise
as miscreants in countries blocked by OpenAI try to hop the chatbot's geofences.

This uptick began in March, according to Check Point bods who say they've noticed an
"increase in the chatter in underground forums related to leaking or selling compromised
ChatGPT premium accounts."

By "premium" accounts, they mean ChatGPT Plus: the subscription service that costs $20
per month and gives users access to new features and faster response times, compared
to those using the free service.

While most of the stolen accounts are offered for sale, some criminals will share
compromised premium accounts "to advertise their own services or tools to steal the
accounts," the security shop said.

Russia, China, and Iran are among a handful of countries banned from using OpenAI, but
that hasn't stopped miscreants from blacklisted nations from looking for ways to skirt the
rules, and use the AI technology powering ChatGPT to advance their operations.

1 of 6 15/04/2023, 21:13
Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

The chatbot can be used to produce text for phishing and other online scams, helping
criminals craft emails and other messages to trick their victims into handing over their
usernames and passwords.

It can also be used to generate trivial malware that manages to infect naive or poorly
defended networks, thus making hacking more cost-efficient, Sergey Shykevich, threat
intelligence group manager at Check Point, told The Register in an earlier interview.

"It allows people that have zero knowledge in development to code malicious tools and
easily to become an alleged developer," Shykevich said. "It simply lowers the bar to
become a cybercriminal."

In addition to advancing these types of criminal pursuits, stolen ChatGPT accounts

present another potential privacy risk, according to the research. Namely: the accounts
store the recent queries generated by the account owner.

2 of 6 15/04/2023, 21:13
Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

This means when a criminal accesses someone else's account, they can see these
queries, which may include personal information and corporate details — despite
companies' warnings to employees not to feed sensitive info to the chatbot.

MORE CONTEXT
Italy will say ciao to ChatGPT ban if OpenAI does indeed think of the children

US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster

Russian criminals can't wait to hop over OpenAI's fence, use ChatGPT for evil

Europol warns ChatGPT already helping folks commit crimes

One of the ways crooks are stealing and selling ChatGPT accounts is by using account
checkers and bruteforcing tools, the security team found. In one example, they found a
configuration file for SilverBullet for sale.

SilverBullet is yet another software tool that has both legitimate and criminal uses: it's a

3 of 6 15/04/2023, 21:13
Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

web-testing suite that allows users to scrape data and automate penetration testing on a
target web app. But it's also a favorite among criminals for credential stuffing and account
attacks to steal login details.

In this specific case, the researchers spotted someone selling a configuration file for
SilverBullet that allows automated credential checks for ChatGPT. The software can
initiate between 50 and 200 checks per minute, and also supports proxy implementation,
which helps bypass protections against bruteforce attacks.

Another criminal who goes by "gpt4" on cybercrime forums not only sells ChatGPT
accounts, but also claims to have a configuration for an automated tool that
SIMILAR TOPICS checks
POST A COMMENT
credentials, the researchers said.
ChatGPT Check Point Cybercrime More like these
And in a third example, they spotted an ad for "ChatGPT Plus lifetime account service,"
where the seller guarantees the buyers "100 percent satisfaction."
TIP US OFF
Send us news
The lifetime upgrade of a regular ChatGPT Plus account costs $59.00 (as a reminter: the
legitimate service via OpenAI costs $20 per month). But for criminals that want to cut
costs, there's also the option to share access to a ChatGPT account with another
miscreant for the bargain lifetime price of $24.99.
Criminal records office yanks web Can ChatGPT bash together some
"Aportal
number of underground users have
offline amid 'cyber security already left positive feedback
data-stealing for this
code? With theservice,
right and
have vouched for it," according to Check Point's
incident' crew. sure
prompts,
ACRO says payment data safe, other info may But nothing a keen beginner couldn't do, anyway
This,
haveapparently,
been snaffledproves that even in the criminal underground, reviews matter. ®
CYBER-CRIME 9 days | 19 SECURITY 11 days | 12

Sponsored: Southwark Council – shifting beyond a legacy mindset

Uber driver info stolen yet again: This When it comes to technology, securing
time from law firm your future means securing your
Never mind software supply chain attacks, present
lawyers are the new soft target? How to build cyber resiliency in the face of
complexity
CYBER-CRIME 12 days | 13 SPONSORED FEATURE

4 of 6 15/04/2023, 21:13
Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

Cops put the squeeze on Genesis Russia-pushed UN Cybercrime Treaty

crime souk denizens, not just the may rewrite global law. It's ... not great
admins this time SPECIAL REPORT Let's go through all the
Feds managed to image entire backend server proposed problematic powers, starting with
with full details surveillance and censorship
CYBER-CRIME 10 days | 1 CYBER-CRIME 20 hrs | 10

How much to infect Android phones CAN do attitude: How thieves steal
via Google Play store? How about cars using network bus
$20k It starts with a headlamp and fake smart speaker,
Or whatever you managed to haggle with these and ends in an injection attack and a vanished
miscreants motor
CYBER-CRIME 5 days | 9 RESEARCH 9 days | 197

US extradites Nigerian charged in $6m Cops cuff teenage 'Robin Hood hacker'
email fraud scam suspected of peddling stolen info
Maybe our prince has come at last Luxury cars and designer duds don't seem very
prince of thieves
CYBER-CRIME 23 hrs | 6 CYBER-CRIME 10 days | 24

Feds seize $112m in cryptocurrency Italy will say ciao to ChatGPT ban if
linked to 'pig-butchering' finance OpenAI does indeed think of the
scams children
Thieves go nose-to-tail stripping cash from victims UPDATED And also, privacy safeguards
CYBER-CRIME 11 days | 13 AI + ML 3 days | 7

5 of 6 15/04/2023, 21:13
Cybercrims hop geofences, clamor for stolen ChatGPT accounts • Th... https://www.theregister.com/2023/04/15/cybercrims_hop_chatgpt_ge...

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Copyright. All rights reserved © 1998–2023

6 of 6 15/04/2023, 21:13