Researchers at CybelAngel came across an exposed database of stolen personal information that hosted data collected from a malware-laced, fake ChatGPT browser extension.
CybelAngel came across this database within the frame of their activities “We scan unprotected assets on a daily basis, and we paid closer attention to this Mongo after it matched for several of our clients.” Based on the structure of the database, it is clear that the actor was after the Facebook accounts.
The malicious actors had collected Facebook credentials belonging to 40,000 users — as well as their browsers’ cookie tracking data — and appear to be using that information to take over accounts.
As the CybelAngel team notes, “This incident serves as a reminder of the importance of digital security and the need to remain vigilant when downloading software or extensions.”
Read More: CybelAngel
Subscribe to our quarterly newsletter to receive news from TempoCap and our portfolio