OpenAI sued over identity theft
Date: 2023-07-02 Author: Karina Ziganova Categories: IN WORLD
California-based law firm Clarkson has filed a class-action lawsuit against ChatGPT chatbot developer OpenAI for identity theft.
The 15 counts of the lawsuit include breach of confidentiality, negligence due to failure to protect personal data, and theft by illegally obtaining large amounts of personal data to train their models.
OpenAI abandoned its original goals and principles, choosing instead to pursue profit at the expense of privacy, security and ethics," the plaintiffs said.
The lawsuit states that an artificial intelligence (AI) chatbot uses stolen personal data from hundreds of millions of network users. In total, OpenAI collected 300 billion words for chatbot training.
OpenAI collected personal data from social networks that cannot be used outside the platform. The firm claims that OpenAI "did this secretly and without registering as a data provider, as required by applicable law."
"By training the chatbot on the stolen data, the defendants saw an opportunity to make a profit and rushed to bring the Products to market without implementing proper security or control measures," the document says.
Thousands of ChatGPT accounts on the dark web
Earlier, Group-IB experts found 101,134 ChatGPT accounts in logs that cybercriminals put up for sale on the darknet. Analysts believe that the data was stolen with the help of viruses that hunt for the victim's information on personal computers.
One of the causes of data leakage is the use of a chatbot at work. ChatGPT keeps a history of user requests and responses, so attackers who stole logs can see all the victim's correspondence with the chatbot. This information can be used for targeted attacks against companies or sold on the dark web.
OpenAI calls for increased cybersecurity
Earlier this month, OpenAI launched a $1 million grant to support AI-powered cybersecurity initiatives. Funding for the grant will be provided in increments of $10,000 by various methods, such as API loans and direct funds, which will allow researchers and developers to implement their projects.
Preference will be given to practical applications, tools, methods, and processes that emphasize the defensive aspect of cybersecurity.
