last tuesday OpenAI It was forced to conduct an emergency offline maintenance on ChatGPT because someone found a loophole in its system that may cause the content of the title in the user’s conversation record to be restored by others. According to screenshots that users posted to Reddit, their ChatGPT sidebars show title-only chats from other users. To investigate the matter, OpenAI took ChatGPT offline for nearly ten hours. It turned out that there was a more dangerous security risk in the system. This bug, which restores the conversation title to someone else’s interface, may also potentially leak the personal data of 1.2% of ChatGPT Plus paid users.
“In the hours before ChatGPT went offline on Monday, some users may have seen another active user’s first name, last name, email address, payment address, last four digits of credit card, and credit card expiration date,” OpenAI said in an announcement. wrote, “The complete credit card number has not been leaked at any time, and the relevant loopholes have been patched.” According to them, basically only during the period of 1:00 am to 10:00 am Pacific time on March 20th , the limited information of some users will be seen by others in the form of email or wrong display on the ChatGPT account page. There may also be a few cases before March 20, but the official has not received any relevant reports so far.
To prevent similar problems from happening in the future, OpenAI has committed to taking additional measures such as adding redundant checks. They have also contacted potentially affected users to alert them to the situation.