An open-source bug caused a payment data leak on ChatGPT

Users of ChatGPT, the popular chatbot service powered by OpenAI’s language model, might want to check their accounts for any suspicious activity due to an open-source bug. A recent data breach has exposed the personal and payment information of some ChatGPT Plus subscribers, as well as their conversation histories with the chatbot.

Read: How to Protect Your Gmail Account from North Korean Hackers

What happened with the open-source bug?

According to OpenAI, the data leak was caused by a bug in an open-source library called redis-py, which is used to cache user data and reduce the load on the database. The bug created a caching issue that allowed some users to see the data of other active users around the same time.

The bug affected ChatGPT between 1:00 AM and 10:00 AM PT on March 20, 2023. During this time, some users who visited their “Manage Subscription” page may have seen the billing information of another user, including their name, email address, payment address, and the last four digits and expiration date of their credit card. Additionally, some users may have seen the titles and possibly the first messages of conversations from another user’s chat history.

OpenAI discovered the bug on March 21, 2023, after some users reported seeing strange data on their accounts. The company took ChatGPT offline for over an hour to fix the issue and restore the service. However, it was later found out that the bug also affected some subscription confirmation emails, which were sent to the wrong recipients and contained the last four digits of credit card numbers.

They estimate that 1.2% of ChatGPT Plus users may have had their data exposed to another user due to the bug. The company has notified all affected users. OpenAI also assured that no full credit card numbers were exposed at any time and that there is no evidence of malicious exploitation of the bug.

ChatGPT is one of the most advanced chatbot services available today, but it is not immune to errors or vulnerabilities. The recent data leak shows that even AI systems can have bugs that compromise user privacy and security. As a user, you should always be aware of the risks and benefits of using such services and take precautions to protect yourself.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 

open-source bug

Photo by ilgmyzin on Unsplash.

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cybersecurity and IT Managed Services