• btc = $95 652.00 -3 009.07 (-3.05 %)

  • eth = $3 331.27 - 136.85 (-3.95 %)

  • ton = $5.73 -0.25 (-4.20 %)

  • btc = $95 652.00 -3 009.07 (-3.05 %)

  • eth = $3 331.27 - 136.85 (-3.95 %)

  • ton = $5.73 -0.25 (-4.20 %)

25 Mar, 2023
2 min time to read

1.2% of subscribers could see each others names and credit card information.

OpenAI published more details about the shutdown of ChatGPT on the 20th of March. The company admits there was a security hole could allow other users to access ChatGPT Plus subscribers' personal data, according to official press release.

OpenAI has said that the leak affected only 1.2% of ChatGPT Plus subscribers and that full credit card numbers were not exposed. This means that some users were able to see personal information such as names, last name, email address, payment address, last four digits of the credit card and expiration date.

The problem occurred because of a security hole that allowed some users to access other users' personal data. The company said that personal data could leak in two ways. The first was due to an error in a confirmation email sent out to subscribers, which contained the last four digits of another user's credit card number.

The second was due to an error in ChatGPT itself, which allowed users to see the personal information of other people. It was connected with an error in ChatGPT when after clicking on the section with managing subscription users could see the personal information of other people. First and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date might have been visible. OpenAI already notify affected users that their payment information may have been exposed.

The cause of the problem was an open-source library called Redis, which is used to cache users' information to avoid checking the ChatGPT database for every request. Due to an error in the query sequence, the system mistakenly sent data to the wrong users. OpenAI has since added additional checks to ensure that the data returned by the cache matches the requesting user.

OpenAI has notified affected users that their payment information may have been exposed and has already solved the problem. The company turned off ChatGPT for several hours on March 20 to address privacy concerns, as some users were able to see someone else's chat history. ChatGPT resumed work a few hours later.