OpenAI had to take down ChatGPT on Monday for a brief period because of a bug that leaked some users‘ personal payment information.
OpenAI put up a blog post yesterday explaining why it had to take down its conversational AI chatbot ChatGPT on March 20th. The blame is placed on a bug related to an open-source library that allowed users to see titles from another active user’s history. The first message of a new conversation could also be seen in someone else’s chat history if both users were using the chatbot at the same time.
But even scarier is that OpenAI admits that the same bug might be responsible for leaking payment-related information for a limited number of ChatGPT users who were using the platform over a specific time period. Before OpenAI took ChatGPT offline for a few hours last Monday, some subscribers could see another active user’s first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date. The bug did not allow full credit card numbers to be leaked.
Only 1.2% of the ChatGPT Plus subscribers active during a nine-hour window had this payment information revealed. Open AI writes, „We believe the number of users whose data was actually revealed to someone else is extremely low.“ To access the aforementioned personal data, someone would have had to open a subscription confirmation email sent on Monday, March 20, between 1 a.
