Security News > 2023 > March > OpenAI: ChatGPT payment data leak caused by open-source bug

OpenAI: ChatGPT payment data leak caused by open-source bug
2023-03-24 18:39

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.

OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.

Today, OpenAi published a post-mortem report explaining that a bug in the Redis client open-source library caused the ChatGPT service to expose other users' chat queries and the personal information for approximately 1.2% of ChatGPT Plus subscribers.

"Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window," explains the post-mortem.

"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user's first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time."

"We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating. a small percentage of users were able to see the titles of other users' conversation history," Altman shared in a tweet.


News URL

https://www.bleepingcomputer.com/news/security/openai-chatgpt-payment-data-leak-caused-by-open-source-bug/