WormGPT Database Leaked: Threat Actor Exposes 19,000 Users of Malicious AI Tool
A threat actor known as Sythe has claimed responsibility for leaking the full database of WormGPT, a cybercrime-focused AI platform sold on dark web forums since 2023. The breach, observed by Hackmanac, exposed sensitive data from over 19,000 users, including email addresses, user IDs, and subscription and billing metadata.
Built on the GPT-J language model (developed in 2021), WormGPT was designed to bypass ethical restrictions, offering cybercriminals tools for phishing, malware development, and exploit creation. Unlike mainstream AI platforms, it includes features like unlimited character support, chat memory retention, and code formatting, all tailored for malicious use. Advertised on underground forums since June 2023, the platform provided subscription-based access with specialized AI models for tasks such as business email compromise (BEC) attacks and ransomware scripting.
Security researchers found WormGPT capable of generating "remarkably persuasive" phishing emails, malicious code (including ransomware and spyware), and deceptive web forms. It also supports multilingual social engineering, enabling attackers to scale operations without advanced technical skills. Former black hat hacker Daniel Kelley warned in 2023 that the tool lowers the barrier to entry, allowing even novice cybercriminals to launch sophisticated attacks rapidly.
The leaked database could aid law enforcement in tracking cybercriminals but also risks retaliatory attacks or further exploitation of exposed user data. The incident underscores the growing threat of AI-powered cybercrime, as generative AI tools like WormGPT continue to evolve and expand the attack surface.
Source: https://cybersecuritynews.com/wormgpt-database-leak/
Hackmanac cybersecurity rating report: https://www.rankiteo.com/company/hackmanac
"id": "HAC1770717121",
"linkid": "hackmanac",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '19,000 users',
                        'industry': 'Cybercrime Tools',
                        'name': 'WormGPT',
                        'type': 'AI Platform'}],
 'attack_vector': 'Unknown (Database Leak)',
 'data_breach': {'data_exfiltration': 'Yes (leaked by threat actor)',
                 'number_of_records_exposed': '19,000',
                 'personally_identifiable_information': 'Email addresses, user '
                                                        'IDs',
                 'sensitivity_of_data': 'High (cybercriminal user data)',
                 'type_of_data_compromised': ['Email addresses',
                                              'User IDs',
                                              'Subscription metadata',
                                              'Billing metadata']},
 'description': 'A threat actor known as *Sythe* has claimed responsibility '
                'for leaking the full database of *WormGPT*, a '
                'cybercrime-focused AI platform sold on dark web forums since '
                '2023. The breach exposed sensitive data from over 19,000 '
                'users, including email addresses, user IDs, and subscription '
                'and billing metadata. The leaked database could aid law '
                'enforcement in tracking cybercriminals but also risks '
                'retaliatory attacks or further exploitation of exposed user '
                'data.',
 'impact': {'brand_reputation_impact': "Negative impact on WormGPT's "
                                       'reputation as a cybercrime tool',
            'data_compromised': 'Email addresses, user IDs, subscription and '
                                'billing metadata',
            'identity_theft_risk': 'High (exposed user data could be used for '
                                   'identity theft or further attacks)',
            'operational_impact': 'Potential disruption of WormGPT services; '
                                  'risk of further exploitation of exposed '
                                  'data',
            'payment_information_risk': 'Potential (billing metadata exposed)',
            'systems_affected': 'WormGPT platform database'},
 'lessons_learned': 'The incident underscores the growing threat of AI-powered '
                    'cybercrime, as generative AI tools like WormGPT continue '
                    'to evolve and expand the attack surface. It also '
                    'highlights the risks of exposing cybercriminal user data, '
                    'which can be exploited for further attacks or '
                    'retaliation.',
 'motivation': 'Exposure of cybercriminal tool users (potential retaliation or '
               'disruption)',
 'post_incident_analysis': {'root_causes': 'Unknown (database leak by threat '
                                           'actor *Sythe*)'},
 'recommendations': ['Enhance security measures for cybercrime-focused '
                     'platforms to prevent database leaks',
                     'Monitor dark web forums for exposed user data to '
                     'mitigate further exploitation',
                     'Increase awareness of AI-powered cybercrime tools and '
                     'their risks',
                     'Collaborate with law enforcement to track and disrupt '
                     'cybercriminal operations leveraging such tools'],
 'references': [{'source': 'Hackmanac'}],
 'threat_actor': 'Sythe',
 'title': 'WormGPT Database Leaked: Threat Actor Exposes 19,000 Users of '
          'Malicious AI Tool',
 'type': 'Data Breach'}