More than 200,000 OpenAI LP credentials have been discovered for sale on the dark web, according to new research.

Bleeping Computer reported Wednesday that the figure came from researchers at security company Flare Systems Inc., which analyzed dark web forums and marketplaces, shady sites reachable with special software. It found that OpenAI credentials are among the latest commodities available. Although 200,000 is a significant figure, the estimated number of OpenAI users, including ChatGPT users, sat at about 100 million as of January and no doubt has grown considerably since then.

The stolen credentials apparently show that generative artificial intelligence tools have the potential for malicious activity. The figure is also roughly double the figure of over 100,000 ChatGPT login credentials found by cybersecurity company Group-IB Global Private Ltd. in a report in June.

Following the Group-IB report, OpenAI said last month that it “maintains industry best practices for authenticating and authorizing users to services including ChatGPT” and that it encourages users to use strong passwords and install only verified and trusted software on personal computers.

“With the rise of generative AI, it is no surprise that credentials for generative AI tools and chatbots are a sought-after form of data,” Philipp Pointner, chief of digital identity at identity verification services company Jumio Corp., told SiliconANGLE. “With over 200,000 OpenAI credentials up for grabs on the dark web, cybercriminals can easily get their hands on other personal information like phone numbers, physical addresses and credit card numbers.”

Pointner warned that generative AI chatbots also bring an additional concern. “With these credentials, fraudsters can gain access to all types of information users have inputted into the chatbot, such as content from their previous conversations and use it to create hypercustomized phishing scams to increase their credibility and effectiveness,” he added.

The interest hackers have in generative AI was emphasized in a report on July 13 that detailed “WormGPT,” a custom AI tool that is being used for nefarious purposes.

Developed in 2021, WormGPT is an AI model built on the GPTJ language model that offers enhanced features, including unlimited character support, chat memory retention and code formatting capabilities. Unlike its ChatGPT and other ethical GenAIs, WormGPT has been explicitly designed for malicious activities and has been observed to produce cunning and persuasive Business Email Compromise emails.

Image: Pexels