Kaspersky’s Digital Footprint Intelligence experts uncovered a shocking number of stolen login credentials during their analysis coinciding with the Mobile World Congress 2024. Delving into the dark web market for credential theft from popular AI and gaming platforms, the cybersecurity specialists made alarming discoveries:
– Within the past three years, over 34 million Roblox user credentials (including logins and passwords) fell victim to malware infiltration and were subsequently leaked on the dark web.
– In 2023 alone, the number of ChatGPT user credentials stolen skyrocketed by 33-fold compared to the previous year, with 664,000 records containing logins and passwords surfacing on the dark web.
– These compromised credentials were acquired through infostealers, specialized malware designed to pilfer user logins and passwords, infecting both personal and corporate devices through phishing and other deceptive means.
The illicit trade of compromised login credentials constitutes a significant portion of the dark web market. Cybercriminals typically engage in buying and selling accounts from various online platforms and services. Initially stolen using data-stealing malware, these accounts are then leaked on the dark web through infostealer log-files, where they can be further exploited as valuable assets within the cybercriminal underworld. Kaspersky’s research sheds light on the trends within this market and offers insights on how individuals and businesses can fortify themselves against such threats.
Steady Increase in AI Services Credential Thefts
The theft of credentials from various AI services, spanning image editing, translation, text enhancement, chatbots, and voice generators, reflects their growing popularity. Over the past three years, approximately 1.16 million users’ credentials from the AI-powered graphic design tool Canva were compromised, alongside around 839,000 user credentials from the popular AI writing assistant, Grammarly, between 2021 and 2023.
Even major AI companies like OpenAI witnessed their users’ credentials leaked due to infostealer activities, with nearly 688,000 ChatGPT credentials compromised between 2021 and 2023. Notably, the surge in leaked logins and passwords in 2023, nearly 33 times higher than the previous year, indicates a concerning escalation in cyber threats following the widespread adoption of chatbots.
Yuliya Novikova, Head of Kaspersky Digital Footprint Intelligence, explains, “The credential compromises stem from infostealer activity, a specialized form of malware aimed at stealing user credentials for cyberattacks, dark web sales, or other malicious activities, infecting both personal and corporate devices through phishing emails, malicious websites, and various other methods.”
Roblox Records High Rates of Compromised Credentials, Posing Risks to Children
Between 2021 and 2023, nearly 34 million credentials associated with Roblox were compromised and circulated on the dark web, rendering the game a lucrative target for cybercriminals employing infostealing malware. Alarmingly, the number of compromised accounts for this popular children’s game has been steadily increasing each year, rising by 231% from roughly 4.7 million in 2021 to 15.5 million in 2023.
Novikova emphasizes, “Children are among the most vulnerable audiences, susceptible to various forms of social engineering. Cybercriminals often conceal infostealers in files containing cheat codes to deceive young gamers, sometimes posting malicious download links on legitimate platforms like YouTube.”
While numerous Roblox accounts fall victim to credential theft, certain accounts are more coveted by cybercriminals. For instance, the demand for Steam accounts surged, with approximately 10,000 dark web posts related to selling or buying them between 2021 and 2023, far surpassing posts concerning stolen Roblox accounts, which remained under 150.
To mitigate the risks associated with password leaks, Kaspersky recommends implementing the following security measures:
– Proactively monitor the dark web to detect account compromises before they jeopardize client and employee cybersecurity.
– Utilize Kaspersky Digital Footprint Intelligence to enable security analysts to explore potential attack vectors and raise awareness of existing threats from cybercriminals.
– Protect all devices with reliable security solutions, such as Kaspersky Premium.
– Employ unique passwords for each service and enable two-factor authentication wherever possible.
