Hackers are selling stolen GenAI accounts on the Dark Web

News
By published

Victim devices infected with infostealers and the credentials sold for just $15

Security Key
(Image credit: Pixabay)

Hackers have been found selling stolen Generative AI data and account credentials on the dark web, exploiting the technology’s  growing popularity to net big rewards. 

New research from eSentire’s Threat Response Unit (TRU) has identified over 400 account credentials are sold by cybercriminals every day. Primarily obtained from corporate end users’ computers that are infected with infostealer malware which retrieves anything the user has entered into their internet browser. This could include sensitive information such as bank details, financial records, customer data, and log-in information. 

Additionally, if end-users are subscribed to a GenAI service or model, then these credentials are stolen. When an infostealer is used to capture information, the ‘Stealer log’ of stolen data is then sold for around $10. OpenAI credentials are reported to be the most commonly stolen, with an average of 200 daily listings.

LLM Jacking

Elsewhere, findings from security research organisation Sysdig also showed threat actors are also gaining control of extensive numbers of LLMs (Large Language Models) in a process dubbed ‘LLM Jacking’. TRU warns that hacker’s aims are to acquire, resell, and abuse access to LLMs. 

Sysdig has confirmed LLM Jacking often uses a reverse proxy to resell and monetize their LLM access, and has warned an attack of this kind could cost the victim up to $46,000 per day in consumption costs. 

Underground stores like LLM Paradise used this tactic to obtain and sell stolen GenAI credentials, even brazenly advertising on sites like TikTok. Whilst this site has since been closed down, a healthy market ensures many others remain in its place.  

As the use of AI has grown, so too has the threat of cybercriminals discovering new ways to profit from stolen data. Companies are advised to maintain rigorous security measures, such as establishing robust vulnerability management processes, monitoring for suspicious activity, and multi-factor authentication. 

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
SearchGPT OpenAI
Hackers offer 20 million OpenAI credentials for sale, but it says there's no evidence of a breach
Cartoon Phishing
Hackers use GenAI to attack more frequently and effectively
Shadowed hands on a digital background reaching for a login prompt.
Private API keys and passwords found in AI training dataset - nearly 12,000 details leaked
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
An abstract image of digital security.
Identifying the evolving security threats to AI models
Latest in Pro
NHS
NHS IT supplier hit with major fine following ransomware attack
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
Hands on a laptop with overlaid logos representing network security
Winning the war on ransomware with multi-layer security
Protection from AI hacker attacks
Maintaining SAP’s confidentiality, integrity, and availability triad
A trough sensor at Overbury farm
“It's wildlife working for you” - how Agri-Tech can help revolutionize British farming as we know it
Epson EcoTank ET-4850 next to a TechRadar badge that reads Big Savings
I found the best printer deal you won't see in the Amazon Spring Sale and it's got a massive $150 saving
Latest in News
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
NHS
NHS IT supplier hit with major fine following ransomware attack
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
All three rumored Samsung Galaxy S25 Edge colors shown off in ‘official’ images
Cristiano Ronaldo promotional image for Fatal Fury: City of the Wolves
Yes, Cristiano Ronaldo is a playable character in Fatal Fury: City of the Wolves, and it makes more sense than you think
inZOI.
inZOI early access won't feature Denuvo DRM after all, 'we are committed to making inZOI a highly moddable game'
More about pro
NHS

NHS IT supplier hit with major fine following ransomware attack
A business woman looking at AI on a transparent screen

Most businesses are now fully embracing AI - but aren't always protected against the risks
Image of SanDisk Extreme Pro

Amazon's Spring Sale rides on with discounts on SanDisk SSDs - and these deals are ones you don't want to miss
See more latest
Most Popular
NHS
NHS IT supplier hit with major fine following ransomware attack
Nintendo Direct live blog.
Nintendo Direct live build-up: no Switch 2, but these are our predictions for what we could see
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
inZOI.
inZOI early access won't feature Denuvo DRM after all, 'we are committed to making inZOI a highly moddable game'
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
All three rumored Samsung Galaxy S25 Edge colors shown off in ‘official’ images
Robert Downey Jr sitting in a chair and holding a finger to his lips during Marvel's Avengers: Doomsday cast reveal
'There is always room for more': Marvel drops big hint that it isn't done with its Avengers: Doomsday cast announcements
Cristiano Ronaldo promotional image for Fatal Fury: City of the Wolves
Yes, Cristiano Ronaldo is a playable character in Fatal Fury: City of the Wolves, and it makes more sense than you think
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
Proton VPN and Vivaldi partnership – promo image
Proton joins forces with Vivaldi browser to help you break free from Big Tech
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know