ChatGPT suffers data breach

OpenAI, the company behind AI-powered ChatGPT, has confirmed that a bug in the chatbot’s source code may have resulted in a leak of sensitive data.

OpenAI reported that a vulnerability in the Redis open-source library used by ChatGPT allowed “some users” to see “titles from another active user’s chat history”. OpenAI uses Redis to cache user information for faster recall and access.

“It’s also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time,” Open AI stated in a press release.

Additionally, 1.2% of the ChatGPT Plus subscribers who were active between 1-10am PST on March 20 may have suffered “unintentional visibility of payment-related information” due to the bug. The incident may have exposed their first and last name, email address, payment address, credit card type and the last four digits (only) of a credit card number, and credit card expiration date.

Subscribe to Charged Retail for free

Click here to get the latest retail tech news free in your inbox each day

OpenAI believes the number of affected users was “incredibly low”, and the company patched the vulnerability on the same day as it discovered it, March 24.

The firm remains confident that there is no ongoing risk to users’ data. Ever since, it has tested the bug fix, examined the logs and added multiple other checks.

Although minor, the incident is rather worrying: chatbots store vast amounts of data, some of which is sensitive. Mark McCreary, the co-chair of the privacy and data security practice at law firm Fox Rothschild LLP, compared chatbots to the black box in an airplane.

Governments and businesses around the globe have barred employees from using ChatGPT at work. Amazon, JPMorgan and Samsung have all restricted or warned against sharing confidential data with the chatbot.

Artificial IntelligenceBig TechCloudNews


Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.