SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
36m AI & gaming credentials breached, Kaspersky reveals
Fri, 1st Mar 2024

More than 36 million AI and gaming credentials have been compromised by infostealers over the past three years, reveals new research by cybersecurity company Kaspersky. The discovery was made during an analysis around the Mobile World Congress 2024.

The analysts discovered that popular AI and gaming sites, including Roblox, OpenAI, and ChatGPT, have been targeted by cybercriminals who steal data using malware. These stolen credentials are then leaked on the dark web, becoming valuable commodities in the world of cybercrime. Credential sales account for a significant portion of the dark web market.

According to Kaspersky's findings, 34 million Roblox user credentials were compromised and leaked on the dark web over the past three years. Meanwhile, in 2023, the number of stolen OpenAI user credentials, including those for ChatGPT, soared nearly 33-fold compared to the prior year, amounting to 664,000 records available on the dark web. These were stolen via infostealers, malware designed to steal user logins and passwords by infiltrating personal and corporate devices through various means, such as phishing.

The popularity of AI services makes them particularly vulnerable to credential theft. In the past three years, credentials of approximately 1.16 million users of AI-based online graphic design tool Canva were compromised and leaked on the dark web. AI writing tool Grammarly also saw 839,000 user credentials stolen between 2021 and 2023.

Notably, Kaspersky identified around 688,000 leaked user credentials related to services by AI company OpenAI, including ChatGPT. The majority of this theft occurred in 2023, when there was a nearly 33-fold increase in the number of logins and passwords leaked.

The theft of credentials is typically achieved through infostealer activity, which uses specialised malware to steal user logins and passwords for various malicious activities, explains Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence. Since the fourth version of ChatGPT was released in March 2023, demand for stolen ChatGPT accounts has remained steady, indicating the consistent threat posed by infostealers.

Another significant finding points to the children's game Roblox. Over the past three years, nearly 34 million Roblox credentials were compromised and posted to the dark web, a rise of 231% since 2021. The rise is attributed to the vulnerability of the children who play the game, as they are easily targeted through social engineering tactics, such as hiding infostealers in files containing cheat codes.

Children are among the most vulnerable audiences, susceptible to various kinds of social engineering. Cybercriminals can hide infostealers in files containing cheat codes to deceive young gamers, notes Novikova. Despite the large number of compromised Roblox accounts, they are not the primary goods sought by cybercriminals on the dark web. Accounts for gaming platforms such as Steam are more attractive due to the potential for real currency theft.

To protect against threats associated with password leaks, Kaspersky advises implementing proactive dark web monitoring to identify account compromises, using a reliable security solution to safeguard all devices, using different passwords for each service, and enabling two-factor authentication wherever possible.