OpenAI has identified a bug in an open source library as the cause of the disclosure of personal information and of the titles of users’ chats with the ChatGPT service.
According to The Hacker News, the March 20 issue allowed some users to view brief descriptions of other people’s chats in the chat history bar. The incident forced OpenAI to temporarily shut down the chatbot.
The company thinks it is likely that the first message of a new chat with ChatGPT was also visible in someone else’s chat history if both users were active at the same time.
The error originates in the redis-py library and involves aborted requests, broken connections, and the unexpected return of data from the database cache, in this case information belonging to another user.
It is worth noting that OpenAI made a mistake when making server-side changes, which caused a spike in the number of canceled requests and in turn increased the error rate. Despite the resolution, the company believes the issue could have had more impact elsewhere, potentially revealing payment-related information for 1.2% of ChatGPT Plus subscribers on March 20.
The exposed information included the user’s name, email address, billing address, the last four digits of the credit card number, and the card’s expiration date. OpenAI insists the full credit card number was not exposed. The company says it has reached out to affected users to notify them of the leak, and also says it has added redundancy checks to ensure the data returned by the Redis cache matches the requesting user.
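The redundancy check described above can be sketched as follows. This is an added example, not OpenAI's or redis-py's code: `SimulatedConnection`, the `owner` field, the key format and the sample records are all constructed for illustration, and the aborted request is modelled (as an assumption) as a reply left unread on a shared connection.

```python
import json
from collections import deque

class SimulatedConnection:
    """Toy stand-in for a pooled cache connection (hypothetical, not redis-py's API)."""
    def __init__(self, store):
        self.store = store
        self.pending = deque()  # replies sent by the cache but not yet read
        self.healthy = True

    def send_get(self, key):
        self.pending.append(self.store.get(key))

    def read_reply(self):
        return self.pending.popleft()

def cache_key(user_id):
    return f"billing:{user_id}"

def fetch_unchecked(conn, user_id):
    # Trusts that the next reply on the connection answers this request.
    conn.send_get(cache_key(user_id))
    return json.loads(conn.read_reply())

def fetch_checked(conn, user_id):
    # Redundant check: the cached record must name the requesting user.
    conn.send_get(cache_key(user_id))
    record = json.loads(conn.read_reply())
    if record.get("owner") != user_id:
        conn.healthy = False   # caller should discard this connection, not reuse it
        conn.pending.clear()
        return None            # fail closed: treat the mismatch as a cache miss
    return record

def sample_store():
    # Constructed sample records.
    return {
        cache_key("alice"): json.dumps({"owner": "alice", "card_last4": "1111"}),
        cache_key("bob"): json.dumps({"owner": "bob", "card_last4": "2222"}),
    }

def demo():
    leaky = SimulatedConnection(sample_store())
    leaky.send_get(cache_key("alice"))      # alice's request is aborted before its reply is read
    leaked = fetch_unchecked(leaky, "bob")  # bob receives alice's stale reply

    guarded = SimulatedConnection(sample_store())
    guarded.send_get(cache_key("alice"))    # same aborted request
    blocked = fetch_checked(guarded, "bob") # mismatch detected, nothing returned
    return leaked["owner"], blocked, guarded.healthy

if __name__ == "__main__":
    print(demo())
```

The check only works if the owner identifier is written into the cached value when it is stored, so the reader does not rely on the connection to tell it whose data it received.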
Previously, OpenAI also fixed a critical vulnerability just 2 hours after receiving the report. This vulnerability, reported by a security expert, allowed bypassing the protections put in place by OpenAI to read the victim’s sensitive data. The person who discovered the vulnerability said that if exploited, hackers could take control of a user’s account, view chat history, and access payment information without the victim’s knowledge.