"ChatGPT Suffers First Data Breach, Exposes Personal Information" 24 March 2023

OpenAI's ChatGPT has suffered its first major personal data breach. The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window, according to a blog post by OpenAI Friday, March 24.

"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time," OpenAI officials wrote today...

...Why did OpenAI take ChatGPT offline in the first place? Officials said they found a bug in an open-source library, which allowed some users to see titles from another active user’s chat history. "It’s also possible that the first message of a newly created conversation was visible in someone else’s chat history if both users were active around the same time," OpenAI officials said.

The company patched the bug and reported technical details of this problem. However, as the company patched the bug, that's when it discovered the same bug may have caused breach of more personal data.

In a tweet, Sam Altman, the CEO of OpenAI said, "We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating. A small percentage of users were able to see the titles of other users’ conversation history. We feel awful about this."