Earlier, a ChatGPT bug exposed conversation histories to other users, but now reports indicate that the bug also exposed the payment details of paid users (ChatGPT Plus subscribers).
OpenAI has confirmed that a software bug on Monday caused ChatGPT to expose conversation histories from random users and payment details for some paid users. As a result, the company has reached out to affected users and implemented measures to prevent similar incidents in the future.
The glitch was first reported on Monday when users attempting to subscribe to the paid ChatGPT Plus service noticed email addresses from random users appearing in the payment form.
Upon further investigation, OpenAI discovered that the glitch also exposed payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.
The exposed payment details included the first and last name, email address, payment address, last four digits of a credit card number, and credit card expiration date of another active user. However, OpenAI has emphasized that full credit card numbers were not exposed at any time.
OpenAI believes that the chances of a stranger viewing this payment information are extremely low because the exposed details partly arrived through emails confirming the subscription of new ChatGPT Plus users on Monday morning between 1 a.m. and 10 a.m. Pacific Standard Time (PST). Certain subscription confirmation emails created within that time frame were delivered to incorrect recipients as a result of the glitch.
If a user accessed the “My Account” function on ChatGPT’s website and clicked on the “Manage my subscription” feature between 1 a.m. and 10 a.m., another user’s payment details would have been visible to them.
In a blog post, OpenAI apologized to its users and reached out to affected users about the potential data breach. The company has also identified the cause of the leak, blaming it on a bug in an open-source library used to run a Redis database.
To prevent similar incidents from occurring, OpenAI has patched the ChatGPT bug and added safeguards to ensure requests to the Redis caches match the requesting user. OpenAI is confident that there is no ongoing risk to users’ data. In addition, the chat history sidebar appears to be restored on ChatGPT.
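One way a "cached entry must match the requesting user" safeguard can work, shown as an added example that is not OpenAI's code: the owner and key are stored inside the cached value and verified on every read. The `DictBackend` and `CrossedBackend` classes, the key layout and the sample data are all constructed assumptions; `CrossedBackend` stands in for any fault that hands a request the wrong entry.

```python
import json


class CacheOwnershipError(Exception):
    """Raised when a cached entry does not belong to the requesting user."""


class DictBackend:
    """Constructed in-memory stand-in for a Redis client (get/set only)."""

    def __init__(self):
        self.store = {}

    def set(self, key, value):
        self.store[key] = value

    def get(self, key):
        return self.store.get(key)


class CrossedBackend(DictBackend):
    """Constructed fault: every read returns the entry stored for `wrong_key`."""

    def __init__(self, wrong_key):
        super().__init__()
        self.wrong_key = wrong_key

    def get(self, key):
        return self.store.get(self.wrong_key)


def cache_key(user_id, name):
    return f"user:{user_id}:{name}"


def put_for_user(backend, user_id, name, data):
    # Bind the owner and the key into the stored value itself.
    key = cache_key(user_id, name)
    envelope = {"owner": user_id, "key": key, "data": data}
    backend.set(key, json.dumps(envelope))


def get_for_user(backend, user_id, name):
    # Return the data only if the entry names this user and this key.
    key = cache_key(user_id, name)
    raw = backend.get(key)
    if raw is None:
        return None
    envelope = json.loads(raw)
    if envelope.get("owner") != user_id or envelope.get("key") != key:
        raise CacheOwnershipError(f"entry for {key!r} failed ownership check")
    return envelope["data"]
```

A rejected read should be logged and treated as a cache miss, so the request falls back to the system of record instead of rendering someone else's data.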
If you are currently a paid subscriber and believe that your payment information has been exposed, it is recommended that you monitor your account for any unauthorized activity and contact your bank if you suspect any fraudulent charges.