The threat actor advertised GPT-4 or Claude API keys starting at only $15 each, while typical prices for various OpenAI models run between $5 and $30 per million tokens utilized, the researchers added.
LLM Paradise, however, couldn’t sustain itself for longer and, for unknown reasons, shut down its services recently. However, threat actors went around the snag and are still operating some ads for stolen GPT-4 API keys on TikTok, published since before the marketplace was shuttered.
Other than the GPT-4 and Claude APIs, other credentials put up for sale on LLM Paradise-like marketplaces include those for Quillbot, Notion, Huggingface, and Replit.
Credentials can be used for phishing, malware and breaches
eSentire researchers said the stolen credentials have greater value at the hands of cybercriminals for their multifold returns. “Threat actors are using popular AI platforms to create convincing phishing campaigns, develop sophisticated malware, and produce chatbots for their underground forums,” they said.
Additionally, they can be used to access an organization’s corporate GenAI accounts which further allows access to customers’ personal and financial information, proprietary intellectual property, and personally identifiable information.
The hacked credentials can also allow access to data restricted to corporate customers only, thereby affecting GenAI platform providers too. OpenAI was found to be the most affected with over 200 OpenAI credentials posted for sale per day.