The Dark Side of AI Innovation: ChatGPT Bug Exposes User Payment Data

Yana Khare 05 Apr, 2023 • 3 min read

OpenAI Confirms Security Breaches as Thousands Are Left Vulnerable to Information Leaks

Security breach confirmed at OpenAI

In the age of technological marvels, Artificial Intelligence (AI) chatbot, ChatGPT, created by OpenAI, has been a game-changer. ChatGPT offers personalized restaurant recommendations, table bookings, travel arrangements, and even grocery orders. But beneath the awe-inspiring capabilities lies a startling revelation. A recent bug in the chatbot has exposed users’ payment information, leaving thousands of subscribers vulnerable.

Also Read: Navigating Privacy Concerns: The ChatGPT User Chat Titles Leak Explained

Behind the Glitch That Caused ChatGPT’s Chat History Mishap

Bug discovered in Redi-py used by AI chatbot, which led to the glitch in OpenAI

You must be wondering who the culprit behind this is. OpenAI, the creator of ChatGPT, detected a bug in the open-source library “redis-py.” This open-source library was used by the AI chatbot. OpenAI took the chatbot offline immediately. They confirmed that the bug allowed some users to view titles from another active user’s chat history. Moreover, it made the first message of newly-created conversations visible in someone else’s chat history if both users were active simultaneously.

Further Investigation Showed ChatGPT Plus Subscriber Information Leak

Upon further investigation, OpenAI discovered another instance of the same bug leaking data from the AI chatbot. It turned out that the bug had unintentionally exposed the payment-related information of 1.2% of ChatGPT Plus subscribers who were active during a specific nine-hour window. The bug exposed affected users’ first and last names, email addresses, payment addresses, the last four digits of their credit card numbers, and credit card expiration dates. However, full credit card numbers remained secure.

Also Read: Is Your Privacy at Risk? How Fog Data Science Trades Location Data

OpenAI’s Response and Reassurances

The bug also caused subscription confirmation emails to be sent to the wrong users during that nine-hour period. This revealed the last four digits of another user’s credit card number. OpenAI has not yet confirmed any instances of misdirected emails before March 20th.

OpenAI, the creator of ChatGPT, apologizes for the breach and reassures users.

In response to this alarming breach, OpenAI has reached out to notify affected users and reassured them that there is no ongoing risk to their data. The company apologizes for the incident and is committed to safeguarding user data on the AI platform.

ChatGPT’s Chat History Restored with Lessons on AI Security

Lesson on AI security with ChatGPT bug exposed

OpenAI confirmed that the bug had been patched and ChatGPT’s service and chat history feature had been restored—except for a few hours of history. While this incident may serve as a reminder of the potential risks associated with the rapid evolution of artificial intelligence, it also highlights the need for ongoing vigilance and robust security measures to protect user data on such AI platforms.

Yana Khare 05 Apr 2023

Frequently Asked Questions

Lorem ipsum dolor sit amet, consectetur adipiscing elit,

Responses From Readers

  • [tta_listen_btn class="listen"]