Bad news on that ChatGPT bug


Last week, ChatGPT went down in what first appeared to be a global outage, but was in fact due to OpenAI temporarily shutting the service after finding a bug that made user chat histories visible to the public. Worryingly, we’ve now found out that there was more besides.

The bug in an open source library has turned into a thornier problem than OpenAI first realized (Image Credit: Pixabay)


In what was later described as a “significant issue” pertaining to a bug present in an open source library, titles of chat histories, and possibly the initial messages, were in some cases seen by other users who were active at the same time as a person having a chat.

The bug is now fixed, but after fully investigating what happened here, OpenAI has admitted that some credit card details of a small subset of users were possibly exposed.

The bug “may have caused the unintentional visibility of payment-related information” of 1.2% of ChatGPT Plus subscribers.

OpenAI explained that in the few hours before ChatGPT got pulled down last Monday (March 20), some users may have been able to view another active user’s credit card number – albeit the last four digits only – and the card expiry date.

Note that the full card number was not visible, and while the details that were potentially viewable weren’t enough to be able to actually use the card, it’s still highly concerning for any payment info like this to be potentially spilled to others.

Other personal details that could have been visible in this way included first and last names, email addresses, and payment addresses.

The company tells us that the number of users finding data exposed in this way was “extremely low” and that there are two main circumstances where this might have happened.

The first is if a user clicked on “My account” then “Manage my subscription” between 1am and 10am (Pacific Time) on Monday, March 20. The second is if a user opened a subscription confirmation email sent in that same time period (as the bug caused those emails to be sent to the wrong users).

It’s possible that the bug could also have caused the mentioned data leakage before March 20, OpenAI notes, but as yet there are no confirmed cases of this.

The company also assures users that the fix to the bug in question has been extensively tested, and that several data sources have been correlated to identify any affected users who will subsequently be notified.
