HQ/EMEAFind out how we can help your business
Users of the massively popular artificial intelligence tool ChatGPT were alarmed after a breach transpired that instigated a temporary operational outage. OpenAI, the company that runs ChatGPT, posted a statement on its website revealing that sensitive user details have been exposed in the security incident.
OpenAI’s blog post disclosed that a bug in its open-source library, Redis, caused the breach that allowed ChatGPT Plus subscribers to see other active users’ data, such as full names, email addresses, payment addresses, credit card numbers’ last four digits, and credit card expiry dates. Users’ chat histories have also been exposed.
Studies show that OpenAI utilises the Redis open-source library for caching user data, helping them acquire faster recall and access to them. However, a bug in Redis caused an alarming security breach in ChatGPT’s systems, leading to concerns about how critical data privacy is to AI tools that are constantly being fed with sensitive information.
Experts fear that a minor breach in AI tools like ChatGPT could eventually lead to bigger problems.
Despite OpenAI immediately patching the Redis bug a few days since it was found, cybersecurity experts are apprehensive about its long-term damage to data security.
As mentioned, the vulnerability exposed ChatGPT users’ sensitive details, like credit card information and chat histories. Malicious actors fast enough to exploit this breach could steal the exposed data and use it for cyberattack purposes, such as phishing, identity theft, fraud, or hacking.
According to OpenAI, their abrupt action to the ChatGPT breach allowed them to mitigate and control its damage, affecting less than 1% of its ChatGPT Plus subscribers. Nonetheless, this case is an indication and an example of the risks brought by artificial intelligence tools that could later cause more massive impacts amongst its consumers.
All affected users have been notified of the security incident, including their payment information being exposed. These users are assured that there is no ongoing risk to their data following the company’s swift action in containing it. OpenAI apologised to the entire ChatGPT community and pledged to take data security seriously amidst falling short of their commitment.
Redis also collaborated with the company to address the bug through a new patch. OpenAI expressed its appreciation towards the open-source database platform, admiring its crucial role in scaling ChatGPT’s capabilities.
