OpenAI and Yubico Launch Security Keys Amid Rising ChatGPT Account Compromises

Severity: High (Score: 67.5)

Sources: Sttinfo.Fi, Techcrunch, www.businesswire.com, Markets.Ft, mashable.com

Summary

OpenAI has partnered with Yubico to introduce a new Advanced Account Security program for ChatGPT users, offering custom YubiKeys designed to prevent phishing attacks. This initiative comes in response to a report from Group-IB revealing over 101,000 compromised ChatGPT login credentials available on dark web marketplaces. The surge in account thefts is attributed to malware like Raccoon, which has been used to steal sensitive information from users. The new YubiKeys, including the YubiKey C NFC and YubiKey C Nano, are aimed at enhancing security for users at risk of targeted attacks. OpenAI emphasizes the importance of these security measures, especially for high-value individuals such as journalists and political dissidents. The partnership aims to reduce unauthorized access to sensitive data and improve overall account security for millions of ChatGPT users worldwide. OpenAI has already implemented YubiKeys internally to protect its infrastructure and employees from phishing threats. Key Points: • OpenAI and Yubico launched custom YubiKeys to enhance ChatGPT account security. • Over 101,000 compromised ChatGPT credentials were found on the dark web, primarily due to Raccoon malware. • The new security keys are targeted at users at high risk of phishing attacks, including journalists and political dissidents.

Key Entities

• Data Breach (attack_type)
• Malware (attack_type)
• Phishing (attack_type)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• businesswire.com (domain)
• yubico.com (domain)
• Raccoon (malware)
• T1003 - OS Credential Dumping (mitre_attack)
• T1566 - Phishing (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)