A recent report by cybersecurity firm Kaspersky has shed light on a concerning trend in the cyber underworld – the rampant sale of stolen credentials from AI-based gaming platforms and services. Over the past three years, an alarming 3.6 crore credentials, including login-password details, have been pilfered and offered for sale on the dark web. The surge in demand for artificial intelligence (AI) services and online gaming has inadvertently fueled the activities of hackers who employ specialized malware known as info stealers to harvest user data.
The rise of info stealers threatens online security
Infostealers, a type of malware designed to extract user logins and passwords clandestinely, have become the weapon of choice for cybercriminals seeking to exploit the burgeoning popularity of AI-based services and online gaming platforms. These malicious programs infect personal and corporate devices through various means, including phishing attacks and other deceptive techniques.
According to Kaspersky, most compromised credentials originate from the renowned gaming platform Roblox, with approximately 3.4 crore user accounts falling victim to malware-driven data breaches. Moreover, the report highlights a staggering 33-fold increase in stolen credentials from OpenAI users, totaling 6.64 lakh records, including those associated with ChatGPT, a widely-used chatbot service.
AI services under siege in a growing concern
The surge in credential compromises extends beyond gaming platforms to encompass a diverse range of AI-based services. Notably, over 11,60,000 application users’ credentials from the AI-powered graphic design tool Canva were compromised over the same three-year period. Kaspersky’s Digital Footprint Intelligence data has revealed that these stolen credentials frequently surface on dark web forums and clandestine Telegram channels, indicative of a thriving black market for pilfered user data.
From image editing and translation services to chatbots and voice generators, the breadth of compromised AI services underscores the pervasive nature of the threat. Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence, underscores the critical need for robust cybersecurity measures to combat infostealer attacks and safeguard against the illicit exploitation of user credentials.
Ongoing vigilance in safeguarding against cyber threats
The demand for stolen credentials, particularly those associated with AI services, continues to pose a significant challenge to online security. The report identifies a notable spike in cybercriminal interest in ChatGPT accounts following the release of its fourth iteration in March 2023. Despite subsequent stabilization, the sustained demand for AI-related credentials underscores the enduring allure of malicious actors seeking to capitalize on the widespread adoption of these services.
In light of these developments, the imperative for individuals and organizations to fortify their defenses against infostealer attacks cannot be overstated. As cyber threats evolve and proliferate, proactive measures, including robust security protocols and ongoing vigilance, are paramount to mitigating the risks posed by malicious actors operating within the shadows of the dark web.
Kaspersky’s latest findings are a stark reminder of the ever-present dangers lurking in the digital realm. With cybercriminals increasingly targeting AI-based services and gaming platforms, the imperative for comprehensive cybersecurity measures has never been more urgent. By remaining vigilant and implementing robust defense mechanisms, users and organizations alike can help stem the tide of cybercrime and safeguard the integrity of online ecosystems.
