With craze for artificial intelligence-based services and online games going up significantly, hackers have stolen 3.6 crore credentials (login-password details) and put them on sale in the dark web over the last three years.

Also read: De-clutter your digital device, be safe: Kaspersky South Asia GM

Credentials in question were stolen using infostealers, specialised malware designed to steal user logins and passwords that infects personal and corporate devices through phishing and other methods.

Cybersecurity solutions company has said that the bulk of the credentials belonged to the people on the popular gaming platform Roblox. “Over the past three years, about 3.4 crore Roblox users’ credentials were compromised with malware and leaked on the dark web,” it said.

The sale of compromised login credentials occupies a significant part of the dark web market. 

“In 2023, the number of OpenAI users’ stolen credentials increased 33-fold compared to the previous year, as 6.64 lakh records with logins and passwords, including those for ChatGPT, were posted on the dark web,” it claimed.

AI services top target

Over the past three years, for example, approximately 11,60,000 application users’ credentials from AI-based online graphic design tool Canva were compromised with data stealing malware. Kaspersky Digital Footprint Intelligence data showed these credentials surfaced on the dark web forums and shadowy Telegram channels.

Credentials from various AI services – image editing, translation, text tuning, chatbots, to voice generators – are being compromised due to their growing popularity.  

“The credential compromises in question, stem from infostealer activity, a specialised form of malware designed to steal user credentials for cyberattacks, dark web sales or other malicious activities,” Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence, said.

The demand for ChatGPT accounts among cybercriminals spiked in March 2023, after the release of the fourth version of the popular chatbot. Since then, it has stabilised at the same level as other AI services.

Also read: Operation Triangulation: How hackers get into iOS Devices

“This suggests that the demand for ChatGPT accounts will remain steady. The importance of robust solutions to safeguard against infostealer attacks and other malware is growing for both individuals and companies,” Novikova said.