{"id":10195,"date":"2024-05-13T09:09:44","date_gmt":"2024-05-13T01:09:44","guid":{"rendered":"https:\/\/www.1ai.net\/?p=10195"},"modified":"2024-05-13T09:09:44","modified_gmt":"2024-05-13T01:09:44","slug":"%e5%ae%89%e5%85%a8%e5%85%ac%e5%8f%b8%e8%ad%a6%e5%91%8a%e9%bb%91%e5%ae%a2%e6%ad%a3%e7%9e%84%e5%87%86%e5%90%84%e5%a4%a7-ai-%e8%af%ad%e8%a8%80%e6%a8%a1%e5%9e%8b%e5%b9%b3%e5%8f%b0%e7%94%a8%e6%88%b7","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/10195.html","title":{"rendered":"Security company warns hackers are targeting user accounts of major AI language model platforms to resell API balances\/obtain private information"},"content":{"rendered":"<p data-vmark=\"944e\"><a href=\"https:\/\/www.1ai.net\/en\/tag\/%e5%ae%89%e5%85%a8%e5%85%ac%e5%8f%b8\" title=\"[Sees articles with [Security Corporation] labels]\" target=\"_blank\" >Security Company<\/a> Sysdig recently released a report claiming that a large number of<a href=\"https:\/\/www.1ai.net\/en\/tag\/%e9%bb%91%e5%ae%a2\" title=\"[Sees articles with [Hacker] labels]\" target=\"_blank\" >hacker<\/a>Targeting major LLM large language model web platforms to launch \"LLMjacking\" attacks, hackers steal user accounts and passwords in a number of ways.<span class=\"accentTextColor\">model\u00a0<a href=\"https:\/\/www.1ai.net\/en\/tag\/api\" title=\"_OTHER ORGANISER\" target=\"_blank\" >API<\/a>\u00a0Resale to third parties, as well as selecting private information from users' conversation logs for blackmail or public sale<\/span>.<\/p>\n<p data-vmark=\"69ba\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10196\" title=\"1f09c19e-22f0-4173-875c-51a658408a31\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2024\/05\/1f09c19e-22f0-4173-875c-51a658408a31.png\" alt=\"1f09c19e-22f0-4173-875c-51a658408a31\" width=\"1440\" height=\"542\" \/><\/p>\n<p data-vmark=\"24f0\">Sysdig said that hackers seem to \"favor\" the Anthropic Claude v2 \/ v3 platform, and that they have detected hackers mainly exploiting the crash library and the credentials vulnerability in the PHP framework Laravel (CVE-2021-3129) in their attacks, which are more targeted at enterprise users,\" said Sysdig.<span class=\"accentTextColor\">Unsuspecting victims could be paying hackers more than $46,000 per day (currently about RMB333,000) for API usage.<\/span>.<\/p>\n<p data-vmark=\"7cfd\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10197\" title=\"557b6b99-6d9a-45fe-94d4-c97a7987ae8d\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2024\/05\/557b6b99-6d9a-45fe-94d4-c97a7987ae8d.png\" alt=\"557b6b99-6d9a-45fe-94d4-c97a7987ae8d\" width=\"1282\" height=\"454\" \/><\/p>\n<p data-vmark=\"3849\">In addition, Hugging Face has already fixed the API credential vulnerability in its platform that allowed hackers to obtain Microsoft \/ Google \/ Meta tokens to control the model libraries of several well-known companies.<\/p>","protected":false},"excerpt":{"rendered":"<p>Security firm Sysdig recently released a report claiming that a large number of hackers have been targeting major LLM large language model network platforms to launch \"LLMjacking\" attacks, in which hackers steal users' account passwords in a series of ways, resell model APIs to third parties, and select private information from users' conversation logs for extortion or public sale. Hackers also select private information from users' conversation logs for ransom or public sale. Sysdig said that hackers seem to \"prefer\" the Anthropic Claude v2 \/ v3 platform, and they have detected that hackers are mainly exploiting the crash database and the credentials vulnerability of the PHP framework Laravel (CVE-2021-3129) to carry out the attack, which is more inclined to enterprise users, and unknowing victims may need to do the hacker's work every day. Unsuspecting victims may have to pay for hackers every day!<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[1033,2565,2566],"collection":[],"class_list":["post-10195","post","type-post","status-publish","format-standard","hentry","category-news","tag-api","tag-2565","tag-2566"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/10195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=10195"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/10195\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=10195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=10195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=10195"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=10195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}