Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list

Media Center Press Releases
June 20, 2023 · 4 min to read
ChatGPT
Information stealers
Threat Intelligence

This press release has been written with the assistance of ChatGPT

Singapore, June 20, 2023 Group-IB, a global cybersecurity leader headquartered in Singapore, has identified 101,134 stealer-infected devices with saved ChatGPT credentials. Group-IB’s Threat Intelligence platform found these compromised credentials within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023. According to Group-IB’s findings, the Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year.

Group-IB’s experts highlight that more and more employees are taking advantage of the Chatbot to optimize their work, be it software development or business communications. By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees. According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities.

Group-IB’s Threat Intelligence platform stores the industry’s largest library of dark web data, monitors cybercriminal forums, marketplaces, and closed communities in real time to identify compromised credentials, stolen credit cards, fresh malware samples, access to corporate networks, and other critical intelligence that enables companies to identify and mitigate cyber risks before further damage is done. Group-IB’s analysis of underground marketplaces revealed that the majority of logs containing ChatGPT accounts have been breached by the infamous Raccoon info stealer. The growing popularity of the AI-powered chatbot is evident in the consistent increase of compromised ChatGPT accounts observed by the Group-IB Threat Intelligence team throughout the past year.

chatGPT acoounts compromised by info stealers

Info stealers are a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history, and other information from browsers installed on infected computers, and then sends all this data to the malware operator. Stealers can also collect data from instant messengers and emails, along with detailed information about the victim’s device. Stealers work non-selectively. This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible. Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness. Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces. Additional information about logs available on such markets includes the lists of domains found in the log as well as the information about the IP address of the compromised host.

By analyzing this information, Group-IB’s Threat Intelligence unit identified the countries and regions with the highest concentration of stealer-infected devices with saved ChatGPT credentials. The Asia-Pacific region saw the largest number of ChatGPT accounts stolen by info stealers (40.5%) between June 2022 and May 2023.

geographical distribution of stealer infected devices with saved chatgpt credentials

“Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we are continuously monitoring underground communities to promptly identify such accounts.”

Dmitry Shestakov
Dmitry Shestakov

Head of Threat Intelligence at Group-IB

To mitigate the risks associated with compromised ChatGPT accounts, Group-IB advises users to update their passwords regularly and implement two-factor authentication. By enabling 2FA, users are required to provide an additional verification code, typically sent to their mobile devices, before accessing their ChatGPT accounts.

Having visibility into dark web communities allows organizations to identify if their sensitive data or customer information is being leaked or sold. Real-time Threat Intelligence enables them to take proactive action to mitigate the impact, notify affected individuals, and strengthen their security posture to prevent further damage. Using real-time threat intelligence, companies can better understand the threat landscape, proactively protect their assets, and make informed decisions to strengthen their overall cybersecurity posture.

Try Threat Intelligence by Group-IB

Defeat threats efficiently and identify attackers proactively with a revolutionary cyber threat intelligence platform

Request a demo

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Read next
November 27, 2025
Ukuk and Group-IB Strengthen Cooperation to Enhance the National Cyber Defense of the Kyrgyz Republic
Top Women in Security ASEAN Awards 2025
November 13, 2025
Group-IB’s High-Tech Crime Investigations team triumphs at Top Women in Security ASEAN Awards 2025
October 21, 2025
Group-IB launches Asia-Pacific’s first Cyber Fusion Center in Singapore
October 9, 2025
Group-IB Intelligence Powers Spanish Guardia Civil Operation to Dismantle the “GXC Team” Cybercrime Syndicate
September 30, 2025
Group-IB and Cyber Samurai join forces to enhance cyber resilience in the DACH region
September 26, 2025
Group-IB supports INTERPOL’s “Operation Contender 3.0”, leading to the arrest of 260 suspects in Africa
Go to all Press Releases →