OpenAI Confirms ChatGPT Data Breach

The remarkable chatbot, ChatGPT, has been all over the news since its release several months ago, receiving both positive and negative coverage. While a user can do amazing things with ChatGPT, there are concerns over safety, privacy, and its use by cybercriminals and online scammers. Bodies as diverse as Samsung and the Italian government have initiated bans on the use of ChatGPT, while experts have called for a pause in AI development.

Such coverage came to a head recently when Geoffrey Hinton, the so-called “godfather of AI”, publicly quit Google in order to act with objectivity and warn of the dangers inherent to AI systems like ChatGPT and Google’s Bard. “There’s an enormous upside from this technology, but it’s essential that the world invests heavily and urgently in AI safety and control”, Hinton said.

If the above wasn’t enough for parent company OpenAI, ChatGPT then suffered its first data breach.

OpenAI, the creator of ChatGPT, has confirmed that a bug in the AI’s source code resulted in a breach of sensitive data. The vulnerability was in the Redis memory database, which OpenAI uses to store user information. Actors were able to access the open-source library and view users’ chat history.

Furthermore, approximately 1.2% of ChatGPT Plus subscribers who were active on March 20th may have had payment information compromised due to the bug. The incident exposed names, email addresses, payment addresses, credit card types, and the last four digits of credit card numbers. In a press release, OpenAI added:

“It’s also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time.”

OpenAI has stated that the number of affected users was very low and that the vulnerability was patched shortly after discovery. The company has assured users that there is no ongoing risk to users’ data, adding:

“We have reached out to notify affected users that their payment information may have been exposed […] We apologize again to our users and to the entire ChatGPT community and will work diligently to rebuild trust.”

Compromised personal data can have serious consequences, including identity theft, financial fraud, and job losses. The best thing you can do is a) have reliable cybersecurity protection, and b) ensure you will find out ASAP in the event of being affected. We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet these challenges.

With ID Protection, you can:

All this for free — why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below. Here’s to a secure 2023!

newsletter subscription