Craig Pepper
March 18, 2024
5 Min Read

Threat Report 18.03.24

Emerging Security Concerns in ChatGPT Plugins Highlight Risks to Organisational Data

Recent findings highlight significant security vulnerabilities in ChatGPT plugins, spotlighting the potential for data breaches and unauthorised access to organisational accounts across various third-party platforms. These security gaps expose sensitive user information, including personally identifiable information (PII), to the risk of exploitation.

Darren Guccione, the CEO and co-founder of Keeper Security, has pointed out the grave implications of these vulnerabilities, noting that organisational employees often entrust AI tools with sensitive data, such as intellectual property and financial records. The unauthorised access enabled by these flaws could lead to severe repercussions for any affected business.

In November 2023, the introduction of a feature known as GPTs by ChatGPT, which operates in a manner similar to plugins, has introduced additional security challenges, echoing the vulnerabilities found in plugins.

Salt Security's research team has outlined three primary vulnerabilities within ChatGPT plugins. The first issue pertains to the plugin installation process, which could be exploited by attackers to install malicious plugins capable of intercepting confidential user communications. The second vulnerability exists within PluginLab, a development framework for ChatGPT plugins, where security gaps could facilitate account takeovers on platforms like GitHub. The third vulnerability involves manipulation of OAuth redirection in several plugins, potentially allowing attackers to siphon user credentials and take over accounts.

Yaniv Balmas, Salt Security's vice president of research, highlighted the increasing appeal of generative AI tools such as ChatGPT to cyber attackers, who are keen to exploit these technologies to access valuable data.

Salt Labs has engaged in a coordinated effort with OpenAI and various third-party vendors to address and mitigate these vulnerabilities, aiming to minimise the risk of exploitation.


Permission-based Plugin Installation: Limiting plugin installation to authorised users to prevent malicious installations.

Two-factor Authentication: Enhancing account security by requiring a secondary form of identification beyond just a password.

Caution with Code and Links: Educating employees on the importance of being vigilant when interacting with code and links to avert cyberattacks.

Continuous Plugin Activity Monitoring: Keeping a watchful eye on plugin activity for early detection of any unusual actions or unauthorised access attempts.

Staying Updated with Security Advisories: Keeping abreast of the latest security advisories and updates from ChatGPT and associated third-party vendors to promptly address new vulnerabilities.

Unprecedented Data Breach Hits French Government, Affecting Up to 43 Million

A significant breach has been reported within a key French government department, specifically France Travail, tasked with aiding the unemployed. This breach has potentially exposed the personal information of up to 43 million citizens, marking it as one of the most extensive data breaches in the nation's history. The incident was promptly reported to France's data protection authority, CNIL, highlighting the severe risk posed by such extensive data exposure.

The compromised data spans two decades and includes sensitive information such as names, birth dates, social security numbers, email and postal addresses, and phone numbers. Fortunately, there is no indication that passwords or banking details were included in the breach.

The implications of this breach are significant, with CNIL cautioning that the stolen data could be amalgamated with information from other breaches, creating comprehensive profiles on individuals. The exact extent of the data theft remains uncertain, although it is clear that significant portions of the database were illicitly accessed. This database not only contained records of current and past job seekers but also of individuals with candidate profiles on the France Travail website.

The Paris Judicial Police Department's Cybercrime Brigade is spearheading the investigation into this breach, which occurred between February 6 and March 5. In the wake of this breach, French citizens are being advised to remain vigilant for phishing attempts and to ensure their passwords are secure and robust.

The breach's method remains partially unclear, with indications suggesting the attackers may have masqueraded as members of Cap Emploi, another government department, hinting at social engineering tactics.

In response, France Travail has committed to informing those affected and has issued an apology. Recognizing the escalating threat of cyberattacks, the agency has vowed to bolster its security measures and protocols. This breach is particularly distressing for France Travail, following a previous incident last August involving a service provider that compromised data of an estimated 10 million citizens.

This event underscores the growing cyber threat landscape in France, coming shortly after reports of DDoS attacks against various government departments. These attacks, claimed by the pro-Russia group Anonymous Sudan, were described by Prime Minister Gabriel Attal's Office as of "unprecedented intensity," though they were eventually contained. This recent breach at France Travail not only surpasses previous incidents in scale but also emphasises the urgent need for strengthened cybersecurity defences across the country.

Leicester City Council Experiences Significant Cyber Disruption

Leicester City Council, the governing authority of the Midlands city in England, has been hit by a cyber incident, leading to the shutdown of its IT systems and several critical service phone lines. Initially reported on March 7, the council took swift action by taking numerous systems offline following the detection of the issue, which it later identified as a cyber incident through its communication on the X channel.

The use of the term "cyber incident" by organisations often hints at a more severe situation than publicly disclosed, frequently implying a ransomware attack. However, Leicester City Council has yet to confirm the nature of the cyberattack, including whether it was indeed ransomware.

Inquiries for more detailed information from the council have yet to receive a response. Nonetheless, the speculation among security experts leans towards ransomware, given the withdrawal of services at the council’s network border, such as Citrix Netscaler and Cisco AnyConnect VPN appliances. None of the prominent ransomware groups have claimed responsibility for the attack thus far.

Richard Sword, the council's strategic director of city developments and neighbourhoods, stated that the council is in the process of understanding the incident's full extent. The recovery of services is anticipated to begin in the middle of the week, prioritising the most critical services first. The council has expressed apologies for the inconvenience caused and is making efforts to ensure minimal disruption to frontline services.

In response to the outage of online services, emergency contact numbers have been established for essential council services including adult safeguarding, child protection, and housing among others. The council's usual online forms for these services are currently unavailable.

Eerke Boiten, a professor of cybersecurity, highlighted the frequency of cyberattacks on councils and the significant impact on day-to-day operations, which could lead to prolonged disruptions in various council functions.

Leicester City Council also noted that it is not alone in facing cyberattacks, pointing to similar incidents affecting councils across the UK, including three Kent local authorities and St Helens Council, which have experienced disruptions from cyberattacks.

The attack raises concerns for Leicester city residents regarding the safety of their personal data. Boiten reassured that sensitive data, especially in areas such as social work, likely has additional protections to prevent access from such cyber incidents. He also commended Leicester City Council's information governance, suggesting confidence in the limited impact on sensitive data.

As Leicester City Council works towards recovery and securing its systems, the incident serves as a reminder of the persistent cybersecurity challenges facing local governments and the need for robust protective measures against such threats.

Read similar blogs