OpenAI confirmed that the ChatGPT may have leaked payment details of paid version subscribers of the service to other users after a bug that occurred on March 20, which exposed conversation histories of several people with the artificial intelligence.
On its official blog, the company provided more details about the incident this Friday (24). A flaw in system libraries allowed some users’ chat sessions to show up in other people’s chat history. Additionally, payment data of around 1.2% of ChatGPT Plus subscribers may have been exposed.
OpenAI says it’s possible that, hours before the service was temporarily taken down to fix the bug, some active users identified name, email, billing address, expiration date and last four digits of credit cards of ChatGPT Plus subscribers. Full credit card numbers were not disclosed.
Users affected by the information leak will be notified of the incident. It is common for companies to offer third-party cybersecurity services for free after a data breach, but so far, OpenAI has not manifested a protocol for cases of security breach of its software.
The company listed practices it intends to adopt so that this problem does not occur again. Redundant checks have been added to ensure that the data returned from the library’s cache matches the user, as well as extensive analysis to ensure that the chat history belongs to the individual.