Facebook Users and Deceptive ChatGPT Scams

A mysterious infostealer infiltrates Facebook accounts, robbing victims of precious memories and access to professional and personal profiles. Learn more about the unbelievable story CybelAngel recently uncovered, and request our help to protect your brand against Infostealer malwares

Imagine losing 20 years’ worth of memories and access to both personal and professional Facebook accounts with a single click. That’s the terrifying reality for more than 40,000 Facebook users who fell victim to a malicious software campaign that preyed upon their trust in a seemingly harmless app.

The culprit? A fake ChatGPT tool, which managed to steal user credentials, bypass two-factor authentication, and take control of Facebook accounts.

Victims of the scheme found their accounts’ names changed to Lily Collins, the star of the blockbuster Netflix TV show, “Emily in Paris,” and the profile pictures replaced. Worse still, users were locked out of their personal and professional Facebook accounts, unable to regain control easily. Many lost decades’ worth of memories in the process, leaving them devastated.

The incident has gone viral on TikTok under the hashtag #LilyCollinsHack, with users sharing their frustration and disbelief at having their Facebook accounts compromised. The common thread among these individuals was the installation of a deceptive ChatGPT tool, either a Windows software or a Chrome extension. Our investigation has traced the stolen data back to March 2023. The Chrome extension, in particular, impersonated a legitimate ChatGPT app but was quickly removed from the Chrome store. Unfortunately, thousands had already downloaded it.

Our research

At the beginning of April, CybelAngel discovered this exposed database, but shortly after, it was wiped and ransomed by an unknown actor. CybelAngel came across this database within the frame of their activities. “We scan unprotected assets on a daily basis, and we paid closer attention to this Mongo after it matched for several of our clients.” Based on the structure of the database, it is clear that the actor was after the Facebook accounts. Interestingly, they account for only 1% of the full stolen information – which included 4 million credentials.

Yet, the rest of the data is gold: a research with simple keywords indicate that there is access to at least 6,000 corporate accounts and 7,000 VPNs, and thousands of customer accounts for a wide range of services. This heartbreaking incident serves as a reminder of the importance of digital security and the need to remain vigilant when downloading software or extensions.

To safeguard your digital memories and maintain access to your professional and personal accounts, always:

  • Verify the source of an app or extension before downloading it.
  • Regularly update your passwords and use a strong, unique password for each account.
  • Enable two-factor authentication wherever possible.
  • Be cautious when granting permissions to apps and extensions.
  • Stay informed and protect yourself from the ever-evolving landscape of cyber threats.

Your memories and access to crucial social media platforms are priceless – don’t let them be stolen by a single click. Join the conversation on TikTok using #LilyCollinsHack and share your experiences and advice with others to help prevent further attacks.