OpenAI Reveals 'Glitch' Exposed ChatGPT Plus Subscribers' Private Info
Earlier this week, ChatGPT users noticed a bug that enabled them to view the chat history titles of other users. OpenAI's highly popular AI chatbot was then taken offline while the developers addressed the problem. It was only until Friday that OpenAI disclosed the possibility that the same glitch may have inadvertently exposed payment-related information of some ChatGPT Plus subscribers.
We took ChatGPT offline Monday to fix a bug in an open source library that allowed some users to see titles from other users’ chat history. Our investigation has also found that 1.2% of ChatGPT Plus users might have had personal data revealed to another user. 1/2— OpenAI (@OpenAI) March 24, 2023
"Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window," OpenAI stated in a press release.
We believe the number of users whose data was actually revealed to someone else is extremely low and we have contacted those who might be impacted. We take this very seriously and are sharing details of our investigation and plan here. 2/2 https://t.co/JwjfbcHr3g— OpenAI (@OpenAI) March 24, 2023
And what exactly was exposed?
"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user's first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date," the AI research company said.
The good news:
"Full credit card numbers were not exposed at any time," OpenAI added.
ChatGPT Plus subscribers impacted by the glitch were notified by OpenAI. The company reassured:
"We are confident that there is no ongoing risk to users' data."
On Twitter, some users referred to the bug as a 'data leak,' while others raised concerns about the lack of multiple layers of security to prevent such exposure of sensitive information.
It’s still a data leak and technical privacy issue they’re being transparent about.— Joseph Shortino (@josephshortino) March 24, 2023
There should've been multiple layers of safety in place for this already.— Jonathan (@thaonlyjonathan) March 24, 2023
Putting the open back in open ai— stetson 🤠 (@stetsblake) March 24, 2023
This certainly makes you go hmmm...
Could this be the beginning of a huge problem?— Ghanaian Tech Guy (@sl_augustt) March 24, 2023