Chat histories were leaked due to a question in ChatGPT, owned by OpenAI. Email addresses and payment information may also have been leaked, apparently due to the same issue.
OpenAI revealed new details on why it took ChatGPT offline on Monday, March 20, and now it is reported that sensitive information, including some users’ payment information, may have been exposed during the incident.
Sensitive User Information Revealed
According to the company’s statement, a caching issue has emerged in the open source library called redis-py. Due to this issue, some active users are shown the last four digits and expiration date of another user’s credit card, along with their first and last name, e-mail address and payment address.
The company states that the payment information leak may have affected 1.2 percent of ChatGPT Plus subscribers who used the service at certain time intervals on March 20. In addition to the payment information, it is also reported that some subscription confirmation e-mails sent during the event may have gone to the wrong people, and they also contain the last four digits of the credit card number.
According to the statement made by OpenAI, not all of the credit card numbers were disclosed. However, some users state that they are trying to withdraw money from their cards. OpenAI says that additional security adjustments have been made so that the caching issue does not cause this type of error again. It will also be contacted to alert users affected by the issue.
In fact, a similar event happened on Steam in 2015. Some Steam users have seen pages containing account information of other users. The irony is that OpenAI fell victim to a well-known security issue while doing serious work to explore the potential safety and security implications of AI.