A bug revealed ChatGPT users’ chat history, personal and billing data

Not only were some ChatGPT users able to see what other users have been using the AI chatbot for, but limited personal and billing information ended up getting revealed, as well.

ChatGPT suffered an outage on March 20 and then problems with making conversation history accessible to users.

“During a nine-hour window on March 20, 2023, another ChatGPT user may have inadvertently seen your billing information when clicking on their own ‘Manage Subscription’ page,” OpenAI notified 1.2% of the ChatGPT Plus subscribers via email.

“The billing information another user might have seen consisted of your first and last name, billing address, credit card type, credit card expiration date, and the last four digits of your credit card. The information did not include your full credit card number, and we have no evidence that any customer information was viewed by more than one other ChatGPT user.”

“The library maintains a shared pool of connections between the server and the cluster, and recycles a connection to be used for another request once done. When using Asyncio, requests and responses with redis-py behave as two queues: the caller pushes a request onto the incoming queue, and will pop a response from the outgoing queue, and then return the connection to the pool. If a request is canceled after the request is pushed onto the incoming queue, but before the response popped from the outgoing queue, we see our bug: the connection thus becomes corrupted and the next response that’s dequeued for an unrelated request can receive data left behind in the connection,” they noted.

The bug has since been patched, and OpenAI has added checks to make sure requesting users don’t get data belonging to other users.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance. 

A Vumetric expert will be in touch shortly to discuss further. 

This field is for validation purposes and should be left unchanged.

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

Looking for more details on how we can help or need guidance to determine the approach best suited for your organization? Plan a virtual meeting with a member of our team to discuss further without any engagement.

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

020_01_Artboard 63

A detailed quote including all-inclusive pricing and statement of work is provided.

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

2024 EDITION

PENETRATION TESTING Buyer's Guide

Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.