ChatGPT bug leaked payment data, conversation titles of users, confirms OpenAI
OpenAI’s chatbot ChatGPT was recently made open to internet access, wherein it can now get restaurant recommendation based on every individual’s custom choices, book tables at the same restaurant, book travel or even order groceries for a user.
While the world was getting amazed with these ideas, the creators of ChatGPT informed that a bug in the artificial intelligence chatbot may have exposed user’s payment information to other users.
The bug was discovered in the Redis client open-source library called “redis-py”.
OpenAI had taken ChatGPT offline last week after the bug started exposing payment details. According to the company, the Microsoft-owned company took ChatGPT offline due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history.
“It was also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time,” said the company.
On delving deeper into the problem, OpenAI found that the same bug may have caused the unintentional visibility of “payment-related information of 1.2 per cent of the ChatGPT Plus subscribers who were active during a specific nine-hour window”.
“In the hours before we took ChatGPT offline, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time,” the company revealed.
The company said that owing to the bug, subscription confirmation mails were getting sent to wrong users. These were the sunscription confirmation mails that were generated during that nine hour window.
Notably, these emails contained the last four digits of another users’ credit card number, but full credit card numbers did not appear.
“It’s possible that a small number of subscription confirmation emails might have been incorrectly addressed prior to March 20, although we have not confirmed any instances of this,” OpenAI further said.
The company said it has reached out to notify affected users that their payment information may have been exposed. “We are confident that there is no ongoing risk to users’ data,” it added, apologising again to users and to the entire ChatGPT community.
OpenAI has now informed that the bug has now been patched. They also said that ChatGPT service and its chat history feature, with the exception of a few hours of history, have been restored.
Download The Mint News App to get Daily Market Updates & Live Business News.