On Monday, OpenAI was forced to take the ChatGPT AI bot offline for a while after a bug in the system allowed users to briefly see other users’ conversation history. They could see only the conversation titles, not the content of the conversations. The company announced its first findings on the incident on Friday.
To clarify all the circumstances of the incident, the company shut down ChatGPT for almost 10 hours. The investigation showed that the AI bot’s security issues go much deeper: the bug in the chat history could also potentially expose the personal information of 1.2% of paying ChatGPT Plus subscribers.
“In the hours before we disabled ChatGPT on Monday, some users were able to see the first and last name, email address, billing address, last four digits of a credit card number, and expiration date of another active user. Full credit card numbers were never released.” This was announced by the OpenAI team on Friday.
“Open the subscription confirmation email sent Monday, March 20 from 1:00-10:00 am PT. Due to an error, some subscription confirmation emails generated during this period were sent to the wrong users. These emails contained the last four digits of the other user’s credit card number, but the full credit card numbers were not displayed. It is possible that prior to March 20th a small number of subscription confirmation emails were sent in error, although we have not confirmed any of them.” OpenAI warned users.
It is also reported that specialists have fixed the issue, which is related to a vulnerability in a library that OpenAI has identified as redis-py, an open-source Redis client library. To prevent such incidents from happening again, the company has tightened controls on library calls. “The logs have been checked programmatically to ensure that all messages are available only to the intended recipients.”