Criminal Hackers Add GenAI Credentials to Underground Markets

Cybercriminals can now purchase Generative AI (GenAI) account credentials on underground hacker markets alongside other illegal goods, according to recent research findings.

These GenAI credentials include accounts from platforms like ChatGPT, Quillbot, Notion, Huggingface, and Replit, among others. Researchers from eSentire’s cybersecurity team have observed that hackers are selling approximately 400 GenAI account credentials per day, typically obtained from corporate end users’ devices that have been infected with an infostealer.

One of the underground services discovered selling stolen GenAI credentials was LLM Paradise, which advertised GPT-4/Claude API keys starting at $15 each (the market has since shut down). These threat actors have also used legitimate platforms, including promoting their illegal products on TikTok.

Furthermore, researchers found that threat actors are monetizing GenAI account credentials in various ways, such as launching phishing campaigns, deploying malware, creating chatbots, or stealing sensitive corporate data like financial or customer information.

For organizations looking to protect themselves, the researchers recommend monitoring employee usage of cloud-based GenAI services, urging GenAI vendors to implement WebAuthn in their portals, following password best practices, and using Dark Web monitoring services.