ChatGPT is an artificial intelligence chatbot. It can interact with users in a conversational way. It is powered by a large language model called GPT-4. GPT-4 can understand and generate natural language responses based on user prompts. People can use ChatGPT for various purposes, such as getting information, entertainment, education, or productivity. ChatGPT is reportedly the fastest-growing consumer application in history.
The artificial intelligent chatbot from OpenAI has been the cool kid on the tech block since November 2022. Followers of the Bach Seat are smart enough to know what that means. Hackers are going after ChatGPT. Recent reports from cybersecurity researcher Group-IB have found over 100,000 ChatGPT logins for sale on the dark-web.
Attractive to attackers
The AI is using you to learn more things. Every time you interact with it, ChatGPT gathers more info about you. Unlike Google, which collects data on what you are doing, you are feeding your info into ChatGPT. The information ChatGPT gathers from you also makes its attractive to attackers.
Did you ask it for a strong password for your checking account? ChatGPT remembers.
Did you ask it about a medical condition? ChatGPT remembers it and added it to its “intelligence.”
Did you ask it to proofread your report for the boss? ChatGPT now knows all the confidential corporate info in your report.
Information-stealing malware
Attackers want that info too. They can scoop up the data from a hacked ChatGPT account. Hackers can use the stolen data to impersonate users, access their online accounts, steal their money or assets, blackmail them, or sell their information to other criminals or advertisers.
According to the Singapore based firm, attackers are using the Raccoon information-stealing malware to scoop up ChatGPT credentials. The Raccoon malware is a subscription based crimeware that attackers can license for as little as $200.00 a month and embed in a malware laden email.
How to protect yourself from ChatGPT hackers
The first step is to be careful about what you share with ChatGPT. Don’t give it any personal or sensitive information that you wouldn’t want anyone else to know. Remember that ChatGPT is not a human friend, but a machine that can store and process your data.
The second step is to use a strong and unique password for your ChatGPT account. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable passwords or reusing passwords from other accounts. Use a password manager to generate and store complex passwords that are hard to guess or crack.
Periodically change your ChatGPT password. This will minimize the risk of unauthorized access. Avoid using the same password for an extended period and ensure new passwords are strong and unique.
The third step is to configure ChatGPT for more privacy.
Clear Your ChatGPT Conversations: To keep the information you’ve shared with ChatGPT away from attackers, regularly clear your saved ChatGPT conversations. To clear your ChatGPT conversations:
- Log in to ChatGPT.
- Click on your account name in the bottom left corner of the ChatGPT interface.
- Click Clear all chats.
- Click again to Confirm.
All of your saved conversations should be deleted. This can limit the amount of data stored on ChatGPT, which can help reduce the impact in case of a data breach.
Turn off chat history and model training: You can prevent ChatGPT from using your personal info to grow the AI. To disable chat history and model training,
- Log in to ChatGPT.
- Click on your account name in the bottom left corner of the ChatGPT interface.
- Click Settings.
- Click Data Controls.
- Toggle Chat history & training to off.
ChatGPT says that while history is disabled, new conversations won’t be used to train and improve our models and won’t appear in the history sidebar. They do retain all conversations for 30 days to monitor for abuse.
They also point out that this will not prevent unauthorized browser add-ons or malware on your computer from storing your history.
The other limitation is that this setting does not sync across browsers or devices. You will have to enable it in each device.
Another step is to monitor your ChatGPT activity and report any suspicious or unauthorized actions. You can check your chat history and settings on the ChatGPT website or app. If you notice anything unusual, such as messages you didn’t send or changes you didn’t make, contact ChatGPT support immediately and change your password.
Finally, educate yourself and others about the risks and benefits of using ChatGPT. Read the terms of service and privacy policy of ChatGPT before using it. Learn how ChatGPT works and what it can and can’t do. Share this blog post with your friends and family who use ChatGPT and help them stay safe online.
Where is MFA?
Multi-factor authentication is the gold standard for securing your online accounts. You should enable 2FA whenever possible. 2FA adds an extra layer of security by requiring an additional verification step, such as a unique code sent to a mobile device, to access the account. But ChatGPT does not offer this basic security tool.
rb-
We have seen this list after years and years of preaching account security. ChatGPT should receive the same level of attention you give to other sensitive accounts like your email, take the necessary steps to protect your ChatGPT account and yourself.
ChatGPT is an amazing technology that can enrich our lives and experiences. But like any other technology, it comes with some challenges and dangers that we need to be aware of and prepared for. By following these steps, you can enjoy chatting with ChatGPT without compromising your security or privacy.
How you can help Ukraine!
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.