OpenAI Reveals Source of Email Leaks to ChatGPT User History

Jakarta, CNN Indonesia —

OpenAI admits that the data leak of ChatGPT users’ personal information occurred due to a software error (bug).

The company said a bug in the open-source library Redis was behind the ChatGPT shutdown and data leak on Monday (20/3). At that time, users can see other users’ personal information and chat requests.

ChatGPT displays the history of queries (a special set of instructions for extracting data from a database, KBBI) that you have made in a sidebar, allowing you to click on one of them and generate a response back from the chatbot.



At that time, many ChatGPT users reported seeing other people’s chat requests listed in their history.

As PC Magazine first reported, some ChatGPT Plus subscribers have also reported seeing other users’ email addresses on their subscription pages.

Soon after, OpenAI stopped ChatGPT to investigate the problem, but did not elaborate on what caused the problem.

Later, OpenAI published a post-mortem report explaining a bug in the open-source library Redis led to the ChatGPT service exposing other users’ chat requests and personal information for around 1.2 percent of ChatGPT Plus customers.

“A bug was found in the open-source Redis client library, redis-py. As soon as we identified the bug, we contacted Redis maintainers with a patch to address the issue,” OpenAI said in a post-mortem.

The information disclosed included customer names, email addresses, payment addresses, and the last four digits of credit card numbers and expiration dates.

“Upon deeper investigation, we also discovered that the same bug may have caused unintentional visibility of payment-related information from 1.2 percent of ChatGPT Plus subscribers who were active during a certain nine-hour window,” the statement said.

“A few hours before we took ChatGPT offline on Monday, some users were able to see the first and last names of other active users, email addresses, payment addresses, last four digits (only) of credit card numbers, and credit card number expiration dates. Numbers credit card details were not disclosed at any time,” continued the statement.

OpenAI says the number of people whose data has been exposed is likely to be very low because it would require special action to crack it.

The company claims to have contacted all ChatGPT users affected by the disclosure of personal data.

Quoted from Bleeping Computer, OpenAI CEO Sam Altman apologized for the leak Wednesday night on Twitter.

“We ran into significant issues in ChatGPT due to a bug in the open source library, for which a fix has now been released and we just finished validating it. A small percentage of users are able to view other users’ conversation history titles,” Altman said in a tweet.

(Gambas:Video CNN)


Leave a Comment