It took less than 5 months for a significant ChatGPT breach. This is not surprising, given the incredible pace of the software’s adoption. On February 1, Reuters reported that ChatGPT had reached 100 million active monthly users in the two months since its launch, citing data from UBS.
Any platform as new as ChatGPT, with a user base of that size, will be a target for cyber criminals hoping to find new vulnerabilities to exploit. Businesses and individuals who use ChatGPT need to understand the risks and recognize that the unprecedented growth of ChatGPT may make the platform uniquely vulnerable in the short term as its developers rush to keep up with demand.
What Happened in the ChatGPT Breach?
Around March 20, payment information for some ChatGPT Plus subscribers was exposed, including names, emails, billing addresses, card expiration dates and the last four digits of the card used to subscribe to the service. OpenAI, the creators of ChatGPT, contacted the affected users, estimated at 1.2% of the overall subscriber base. OpenAI patched the vulnerability that enabled the breach.
There is no reason to stop using ChatGPT, and unless you were notified of the breach, there is no immediate cause for concern. Those who were impacted by the ChatGPT breach may want to consider canceling and replacing affected credit cards, as the exposed digits and expiration date could be combined with other data on the Dark Web to commit identity fraud.
Is ChatGPT Safe to Use?
If you use ChatGPT as a standalone application, it should not present a risk to your overall cyber security. If you attempt to integrate ChatGPT with other systems, do so with caution.
Security researchers identified a vulnerability in a ChatGPT plugin that allows the software to collect information by connecting directly to third-party systems. In this case, the threat came not from ChatGPT but from outdated code used to facilitate communications. ChatGPT integrations with existing business systems or databases should only be undertaken by a developer with considerable experience in cross-platform vulnerabilities and up-to-date awareness of cyber threats. Cyber criminals love software integrations, because they create complex vulnerabilities and may rely on communication methods with known exploits. Remember that data must be protected at every stage of its use: storage, processing and communication between systems.
ChatGPT as a Phishing Lure
The greater danger of ChatGPT to most organizations may be its use in phishing scams. We have seen this previously with every popular platform and service online: Users receive an email claiming to be from a service provider, asking them to click a link to solve a phony problem. Examples include:
- Your (Gmail, Yahoo, Microsoft) account has been suspended. Please click this link to restore access.
- We were unable to deliver your package. Please click this link to reschedule delivery.
- Your (PayPal) payment has been rejected. Please click this link to update your payment method.
- Please log in to update your password.
Popular services inevitably find themselves targeted in these spoofing attacks, where criminals send official-looking emails, often with company branding and some legitimate links, in an attempt to steal usernames and passwords. As one of the fastest-growing services in history, it is inevitable that ChatGPT will be targeted as well.
Fortunately, there is a simple way to avoid these phishing attacks: Never click on links in emails. If you get an email indicating a problem with an online account or service, open the provider’s web page yourself and log in to your account directly. Do not click on any link that you receive via email, even if it looks legitimate.
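For teams that filter mail, the lure pattern described above can be checked mechanically. The following is an added example, not code from this article's author: it flags a message when it names a brand, uses one of the lure phrases listed above, and carries at least one link whose host is not under that brand's domains. The brand-to-domain map, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains the brand really links to (maintain your own).
BRAND_DOMAINS = {
    "chatgpt": {"openai.com", "chatgpt.com"},
    "paypal": {"paypal.com"},
    "gmail": {"google.com", "gmail.com"},
}
# Lure wording taken from the example messages in the article.
LURES = re.compile(
    r"has been suspended|unable to deliver|payment has been rejected|"
    r"restore access|update your (?:password|payment method)", re.I)
URLS = re.compile(r"https?://[^\s\"'<>)\[\]]+", re.I)

def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(body):
    """Return (verdict, off_brand_hosts) for one message body."""
    text = body.lower()
    allowed = set()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text:
            allowed |= domains
    hosts = {urlsplit(u).hostname or "" for u in URLS.findall(body)}
    # One off-brand link is enough: spoofed mail often mixes in legitimate links.
    off_brand = sorted(h for h in hosts if allowed and not host_matches(h, allowed))
    suspicious = bool(off_brand) and LURES.search(body) is not None
    return ("suspicious" if suspicious else "ok", off_brand)

# Constructed sample messages (not real mail); .example hosts are reserved names.
SAMPLES = {
    "spoof": "Your ChatGPT Plus payment has been rejected. Please click this link "
             "to update your payment method: https://openai.com.billing-check.example/pay "
             "Help: https://help.openai.com/",
    "legit": "Your ChatGPT Plus payment has been rejected. Update your payment "
             "method at https://chatgpt.com/ under Settings.",
    "newsletter": "Read our ChatGPT tips at https://blog.vendor.example/tips",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, assess(body))
```

The suffix comparison is what catches the lookalike host in the first sample: it begins with `openai.com` but is registered under a different domain.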
Protect Now offers cyber security employee training that changes attitudes toward cyber security by making it personal for every employee. With in-person, virtual and eLearning options, our employee training programs offer an effective and affordable solution for every business and organization. Contact us online or call us at 1-800-658-8311 to learn more.