post image

OpenAI Investigates Severe Security Gaffe Involving ChatGPT Bot

Austin Dean 26 Mar 2023

OpenAI, the artificial intelligence company that created the wildly popular ChatGPT bot, forced it offline for emergency maintenance on Tuesday in order to investigate a bug that had been exploited by some users to access chat histories from other customers. On Friday, the company revealed its initial findings and the severity of the security breach, which had the potential to reveal personal data from 1.2 percent of ChatGPT Plus subscribers.

The security breach allowed users to view headers of other users' conversations, although the text itself was not visible. In more serious cases, users could view other users' personal information, including their first and last names, email addresses, billing addresses, the last four digits of a credit card number, and the expiration dates of a credit card. Full credit card numbers were unavailable at all times. The root cause of the hack was identified and fixed as a faulty library, the open-source Redis client, redis-py.

OpenAI has since taken additional steps to protect its users and prevent a similar security breach from occurring again in the future. This includes making redundant checks to library calls, programmatically examining logs to make sure that messages are only available to the correct users, and improving logging to identify when this is happening. The company has also reportedly reached out to alert affected users of the issue. 

This news followed other AI-related blunders, such as Bard's AI falsely reporting on Twitter that JWST was the first telescope to image an exoplanet and CNET's use of generative AI to write financial explanatory posts a week before firing much of the editorial department. It remains to be seen whether OpenAI will suffer any consequences.

Finally, on Tuesday, OpenAI's ChatGPT system was forced to go offline for emergency maintenance after one user managed to exploit a bug in the system. On Friday, the company declared its initial findings and that there had been a potential leak of personal data from 1.2 percent of ChatGPT Plus subscribers. OpenAI has since taken steps to improve security and prevent future breaches. This news followed other AI-related blunders committed by competitors, and the implications of OpenAI's latest incident for the market have yet to be seen.