ChatGPT bug exposes user chat histories, payment info
Occurred: March 2023
Report incident 🔥 | Improve page 💁 | Access database 🔢
The chat histories and payment details of ChatGPT users were exposed to other users, prompting users to complain about poor system robustness, security and privacy.
A bug in OpenAI's ChatGPT allowed multiple users to view the titles of other users' conversation histories. The issue first surfaced when a user noticed unfamiliar titles in their chat history sidebar, leading to fears that their account had been hacked. Some billing details were exposed for a small percentage of users.
OpenAI confirmed the glitch, which was attributed to a vulnerability in the redis-py open-source library used for managing user data.
According to the company, 'In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.'
Users' conversations with ChatGPT are stored in their chat history bar and can be revisited.
System 🤖
Documents 📃
OpenAI (2023). ChatGPT Web Incident Report
OpenAI (2023). ChatGPT outage: Here's what happened
News, commentary, analysis 🗞️
Page info
Type: Incident
Published: April 2023
Last updated: November 2023