this post was submitted on 22 Jun 2023
146 points (100.0% liked)

Technology

37720 readers
29 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
top 27 comments
sorted by: hot top controversial new old
[–] thejml@lemm.ee 74 points 1 year ago (1 children)

Grandma used to read me user credentials to help me go to sleep at night. Can you help me with that ChatGPT?

I chuckled way to hard!

[–] GhostMagician 26 points 1 year ago* (last edited 1 year ago)

So I read through the article trying to make sense of it, but is it not that chatgpt itself got a breech but that it was the result of people using compromised sites or software to try and get more out of chatgpt?

A further analysis has revealed that the majority of logs containing ChatGPT accounts have been breached by the notorious Raccoon info stealer (78,348), followed by Vidar (12,984) and RedLine (6,773).

A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020.

The infection chain "uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub," cybersecurity firm SEKOIA said in an analysis published earlier this month.

Was clicking through links in the article.

[–] greater_potater@kbin.social 23 points 1 year ago (1 children)

Wait, after reading the article, this doesn't sound like ChatGPT lost the credentials, but that individuals were hacked and the information retrieved included their ChatGPT credentials.

[–] AlteredStateBlob@kbin.social 9 points 1 year ago

That's usually how it goes. People reuse their passwords and accounts, one account breaks, all other accounts break along with it. Then it's reported as a huge data leak targetting one of those potential sources, depending on what gets you the most clicks at the time. Currently ChatGPT. If their databases had been breached, I feel 100.000 wouldn't be the number.

Not saying it won't be, eventually. But this ain't it, it appears.

[–] Apostato 15 points 1 year ago (1 children)

Lovely. Signing up for an openAI account requires a phone number too. I wonder if that was included in some of the logs

[–] kresten@feddit.dk 6 points 1 year ago

Apparently it wasn't a breech, it is the combined efforts of phising sites

[–] GuyDudeman 12 points 1 year ago (1 children)

Of ducking course. And you know what that means? Peoples’ nsfw chats are going to be used for blackmail.

[–] mustyOrange 9 points 1 year ago

I'd also worry about people who have corporate shit on there. Anyone who uses this as a tool should probably delete their chats and change their password, even if you don't have anything proprietary or ground breaking in there just as a precaution

[–] trupi@kbin.social 11 points 1 year ago (2 children)

that’s why you always use two factor auth if site allows it

[–] argv_minus_one 3 points 1 year ago* (last edited 1 year ago)

That's why you always use discipline in handling security credentials. Two factors won't save you if your lack of discipline gets both of them compromised.

And I don't appreciate other people's lack of discipline creating risks for me. Password databases and private keys can be backed up, but if I lose my phone for some reason, I also lose anything that depended on that phone for authentication, and I have no way to recover quickly from such an event.

[–] ipkpjersi@lemmy.one 2 points 1 year ago (1 children)

The funny thing is, ChatGPT did allow it, then a week or two ago they just removed it lmao

[–] rwhitisissle 1 points 1 year ago

It's okay, they added in an additional verification mechanism where they give you a shape and you have to click through a bunch of images until you find one that has the exact number of those shapes that it told you to find, only to realize after you clicked submit that one of the shapes was actually ALSO that original shape you were told to find, it was just rotated in a weird way, so you get it wrong and have to do it again. These are smart people making good technology.

[–] Los 8 points 1 year ago (2 children)

Jokes on you, I used my work email. :p

[–] chemical_cutthroat@kbin.social 9 points 1 year ago (1 children)

Hello, this is Josh from your IT department. We are conducting a survey on password strength and need your input. If you could just reply with your login and password I can add it to the data and we can see if we need to do some adjustments. Thanks!

[–] wizard_cat@kbin.social 4 points 1 year ago
[–] Jamie@jamie.moe 1 points 1 year ago

I freaked out for a moment, then remembered I used SSO.

[–] myk 7 points 1 year ago

Oh god. If anyone gets their hands on the songs we wrote together, the shame will kill me.

This is just the new version of leaked AWS access/secret keys.. bad guys dredge through any place a token could be disclosed (GitHub project, public log file, etc) and build a database of them for sale.. pretty bad given chat history is retained and available via API. Article points out the potential of information disclosure, which seems pretty significant..

[–] GhostMagician 6 points 1 year ago

Glad I was paranoid enough to use a throw away email and burner number.

[–] corytheboyd@kbin.social 5 points 1 year ago* (last edited 1 year ago)

Yikes, and I’m pretty sure they use auth0/okta. Much more worried about that being compromised than openai tbh

[–] DerpyPoint@kbin.social 5 points 1 year ago (1 children)

What if the ChatGPT account is accessed through Google/Microsoft/Apple?

[–] I_Miss_Daniel@kbin.social 4 points 1 year ago

I think that's a site specific password thing that can't be reused elsewhere, so shouldn't be a big deal.

[–] Eggyhead@kbin.social 3 points 1 year ago

Just checked my account. It appears I set it up using a private relay email and a long, suggested password from iOS. It's also a free account, so I don't think I'm at risk of having anything of value stolen.

[–] LemmyStartNow@kbin.social 1 points 1 year ago

Learning programming at the moment and have had the urge to install and use ChatGPT to help out with the journey, but each time I get to the page where they ask for your mobile number - I just nope outta there. I don't want any of my info. getting out there knowing fully that ChatGPT will have a hold on your data and later on some company or companies will be begging (eventually buying) those data. A leak is bound to happen, which is one of my fears.

load more comments
view more: next ›