On Tuesday, OpenAI had to take its popular ChatGPT bot offline for emergency maintenance after a user found a bug in the system that allowed them to see the titles of other users’ chat histories. The incident was widely reported on Reddit, with users posting screenshots of their ChatGPT sidebars displaying previous chat histories from other users. The bot was offline for nearly 10 hours while OpenAI investigated the issue.


OpenAI's initial findings from the incident, which were announced on Friday, revealed a deeper security issue. The chat history bug may have revealed personal data from 1.2 percent of ChatGPT Plus subscribers. The affected data included the user's first and last name, email address, payment address, the last four digits of a credit card number, and the credit card expiration date. However, full credit card numbers were not exposed at any time.

The company identified the faulty component as the open-source Redis client library, redis-py, which has since been patched. OpenAI has taken additional steps to prevent such incidents from happening again, including adding redundant checks to library calls, programmatically examining its logs to ensure that all messages are available only to the correct user, and improving logging to identify when such incidents are happening and confirm that they have stopped. OpenAI has also contacted affected users to alert them to the issue.
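As an added illustration (not OpenAI's code), the sketch below shows one form a "redundant check" on a cache call can take: the owner is stored inside each cached record and verified on every read, so a record handed back for the wrong user is rejected and logged rather than displayed. The names `wrap`, `guarded_get` and `OwnershipMismatch`, the key layout and the sample data are all hypothetical and constructed for this example.

```python
import json
import logging
from typing import Callable, Optional

log = logging.getLogger("cache_guard")

class OwnershipMismatch(Exception):
    """A cached record is malformed or belongs to a different user."""

def wrap(user_id: str, payload: dict) -> bytes:
    # Bind the owner into the record itself, so the reader does not have to
    # trust that the cache client returned the reply for the key it asked for.
    return json.dumps({"owner": user_id, "payload": payload}).encode()

def guarded_get(fetch: Callable[[str], Optional[bytes]],
                key: str, user_id: str) -> Optional[dict]:
    """fetch(key) stands in for whatever cache client call is in use."""
    raw = fetch(key)
    if raw is None:
        return None  # ordinary cache miss
    try:
        record = json.loads(raw)
        owner, payload = record["owner"], record["payload"]
    except (ValueError, KeyError, TypeError):
        log.error("cache_malformed key=%s requester=%s", key, user_id)
        raise OwnershipMismatch("malformed cache record")
    if owner != user_id:
        # Fail closed and leave a log line that can be counted and alerted on.
        log.error("cache_owner_mismatch key=%s requester=%s owner=%s",
                  key, user_id, owner)
        raise OwnershipMismatch("cached record belongs to another user")
    return payload

def sample_store() -> dict:
    # Constructed sample data for the demonstration.
    return {"hist:alice": wrap("alice", {"titles": ["Trip plan"]}),
            "hist:bob": wrap("bob", {"titles": ["Tax questions"]})}

if __name__ == "__main__":
    store = sample_store()
    print(guarded_get(store.get, "hist:alice", "alice"))
    # Constructed fault: the client returns another user's record.
    crossed = lambda key: store["hist:bob"]
    try:
        guarded_get(crossed, "hist:alice", "alice")
    except OwnershipMismatch as exc:
        print("blocked:", exc)
```

The `cache_owner_mismatch` log line is also the kind of signal the improved logging described above would rely on to show when such an incident starts and when it has stopped.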

The incident resembles earlier episodes at Google, which made a public mistake, and at CNET, which used generative AI to write financial explainer posts. It remains to be seen whether OpenAI will suffer repercussions similar to those its competitors faced.
