https://news.trendmicro.com/2023/05/13/openai-chatgpt-data-breach/.
OpenAI, the creator of ChatGPT, has confirmed that a bug in the AI’s source code resulted in a breach of sensitive data. The vulnerability was in the Redis memory database, which OpenAI uses to store user information. Actors were able to access the open-source library and view users’ chat history.
Furthermore, approximately 1.2% of ChatGPT Plus subscribers who were active on March 20th may have had payment information compromised due to the bug. The incident exposed names, email addresses, payment addresses, credit card types, and the last four digits of credit card numbers. In a press release, OpenAI added:
“It’s also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time.”
OpenAI has stated that the number of affected users was very low and that the vulnerability was patched shortly after discovery. The company has assured users that there is no ongoing risk to users’ data, adding:
“We have reached out to notify affected users that their payment information may have been exposed […] We apologize again to our users and to the entire ChatGPT community and will work diligently to rebuild trust.”
And so it begins………
