OpenAI’s ChatGPT bot was taken offline for emergency maintenance on Tuesday due to a bug that allowed a user to access other users’ chat histories. The company released its findings on Friday, revealing that the security issue was more serious than originally thought.
The bug not only allowed users to view other users’ chat history titles but also potentially exposed the personal information of 1.2% of ChatGPT Plus subscribers, who pay a monthly fee for enhanced access.
According to OpenAI, in the hours leading up to ChatGPT’s shutdown, some users were able to view another user’s first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date.
Also Read | Who is Linus Sebastian? All about YouTuber’s net worth, age, relationship, career, family and more
The company confirmed that full credit card numbers were not exposed at any time. OpenAI has since fixed the issue, which was caused by a bug in the Redis client open-source library, redis-py.
The company has taken several steps to prevent similar incidents from happening in the future. These include adding redundant checks to library calls, programmatically examining logs to ensure that messages are only available to the correct user, and improving logging to quickly identify and stop any potential breaches. OpenAI has also contacted affected users to alert them of the issue.
This incident is the latest in a string of public mishaps involving AI. In February, Google’s rival Bard AI incorrectly claimed that the JWST was the first telescope to image an exoplanet, while CNET used generative AI to write financial explainer posts before laying off a significant portion of its editorial staff. It remains to be seen whether OpenAI will suffer any market-based repercussions as a result of this incident.
Also Read | Who is Shou Zi Chew? TikTok CEO net worth, age, wife Vivian Kao, career and more