A concerning situation arises as a certain percentage of employees engage in the regular posting of company data on ChatGPT, with a quarter of that data being of a sensitive nature. This includes internal business data, source code, regulated personally identifiable information, and customer data. Now, these details are being sold on the Dark Web.
The potential consequences for businesses and individuals are grave, ranging from reputational harm to significant financial losses. Experts are raising alarm bells due to the risks associated with this data falling into the wrong hands.
According to a recent report by cybersecurity firm Group-IB, gaining access to this data is relatively easy for threat actors. Over the past year, experts discovered more than 100,000 compromised credentials in the logs of info-stealing malware traded on illicit dark web marketplaces.
Phishing campaigns frequently infect computers with info-stealers, which gather various sensitive information, including credentials saved in browsers, bank card details, crypto wallet information, cookies, and browsing history.
Dmitry Shestakov, Head of Threat Intelligence at Group-IB, highlighted the potential risks: “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Certain companies, such as Samsung, have responded to this risk by banning the use of ChatGPT and other generative AI tools.
However, despite the risks involved, workers continue to show a strong affinity for ChatGPT. A recent survey on Github revealed that an overwhelming 92% of developers utilize AI tools in an attempt to prevent burnout and enhance productivity.
To safeguard your credentials from being shared in the deep/dark web, it will be wise to regularly update your passwords and implement two-factor authentication (2FA). With 2FA enabled, you will receive notifications on your device, alerting you whenever someone attempts to access your ChatGPT account.