Security News > 2023 > March > OpenAI: ChatGPT payment data leak caused by open-source bug
OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.
OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.
Today, OpenAi published a post-mortem report explaining that a bug in the Redis client open-source library caused the ChatGPT service to expose other users' chat queries and the personal information for approximately 1.2% of ChatGPT Plus subscribers.
"Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window," explains the post-mortem.
"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user's first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time."
"We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating. a small percentage of users were able to see the titles of other users' conversation history," Altman shared in a tweet.
News URL
Related news
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)