OpenAI, the developer behind the ChatGPT chatbot, has confirmed that a technical issue that caused the site to shut down last Monday also led to a breach of user data, including their names, email addresses, and partial payment information. The problem arose due to a bug that generated random addresses for users’ ChatGPT conversations with other users. Upon further investigation, OpenAI discovered that the error exposed the payment information of approximately 1.2% of ChatGPT Plus subscribers for up to nine hours before the error was discovered.
As a result of the glitch, some users were able to see the first and last names of other users, their email addresses, the last four digits of their credit card numbers, and their expiration dates. However, the company confirmed that the full credit card numbers of the participants had not been leaked. The company has notified the affected users, and although the number is very low, OpenAI has acknowledged that it failed to live up to its commitment to user privacy and data security.
OpenAI discovered the vulnerability in one of the open-source libraries that ChatGPT uses to fetch user information from the database and store it in a way that allows for quick access. The technical issue led to confusion, resulting in user information appearing in other users’ conversations. To resolve the problem, OpenAI shut down the site for several hours to prevent further data leakage.
In response to the incident, OpenAI has taken several measures to strengthen its systems, including extensive testing to detect potential errors, double checks to ensure data integrity, and increasing the strength and size of its database infrastructure. The company apologized to ChatGPT users for the breach and pledged to improve its data security and privacy measures.
Despite the breach, ChatGPT has continued to enjoy record popularity since its launch in November 2022, with more than 1 billion visits to the site in February, according to Similarweb estimates. The platform reached 100 million monthly active users two months after its launch, making it the fastest-growing web application in history.