There were a number of users whose email addresses were exposed accidentally by ChatGPT’s website recently. While OpenAI asserted that the cause was a bug in the Redis client open-source library.
In ChatGPT, users can browse all their query history from the sidebar of the ChatGPT window on their web browser. From this sidebar, you can browse all the past queries you have made or even use them to regenerate the responses.
However, many users reported an unusual issue on Monday morning. The reports from the users claim that they could see information about chat queries from other users listed in their query history.
There have also been several reports from ChatGPT Plus subscribers reporting that they came across other people’s email addresses on their subscription pages.
When OpenAI became aware of the incident, they acted quickly with the intent of shutting down ChatGPT to analyze the situation.
The ChatGPT service was exposed as a result of an error in the Redis client open-source library that caused the chat queries and email addresses of other users to be exposed to other users of the platform.
An estimated 1.2% of ChatGPT Plus subscribers had their personal details exposed, which included their chat queries and email addresses. As a result, ChatGPT Plus subscriptions have been suspended, and OpenAI has removed the sidebar for chat histories.
The OpenAI team immediately contacted the Redis maintainers after identifying the issue and provided them with a patch to fix it.
Several types of information have been exposed, including:
OpenAI estimates that many individuals may have had their data exposed in this data breach. It is important to note that to access this information, ChatGPT Plus subscribers had to do one of the following:-
ChatGPT asserted that they are in the process of contacting all users whose payment information has been compromised due to this security breach.
As part of OpenAI’s efforts to improve its systems, the following actions have been taken:-
Searching to secure your APIs? – Try Free API Penetration Testing
Related Coverage:
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…