ChatGPT could not find vulnerabilities in its own system. How vulnerabilities allowed user account takeover and leaked payment data


A flaw in an open-source library caused the ChatGPT outage earlier this week, according to OpenAI's disclosure. Because of the flaw, some users were able to read titles from the chat history of other current users, and in some instances they could see the first message of a discussion that had just begun. OpenAI took ChatGPT offline to address the issue. The flaw has been fixed and the service is back online, including the feature that lets users see their conversation history, with the exception of the most recent few hours of data.

After further investigation, however, OpenAI revealed that the same flaw may have exposed the payment-related information of 1.2% of ChatGPT Plus customers to other users. This information consisted of the last four digits of a credit card number, an email address, a payment address, and the expiry date of the credit card. Full credit card numbers were never exposed.

We took ChatGPT offline Monday to fix a bug in an open source library that allowed some users to see titles from other users’ chat history. Our investigation has also found that 1.2% of ChatGPT Plus users might have had personal data revealed to another user. 1/2

— OpenAI (@OpenAI) March 24, 2023

OpenAI has come
