OpenAI: ChatGPT payment data leakage due to open source library vulnerability

Redis open source library vulnerability caused ChatGPT payment data leakage.

Event Review

On March 20, multiple ChatGPT subscribers reported seeing other users’ email addresses on their subscription pages.

Original tweet

Subsequently, OpenAI took ChatGPT offline and investigated the issue, but did not The reason why ChatGPT stopped serving was not stated.

Figure Status information during ChatGPT outage

Open source library vulnerability after data leakage

On March 24, OpenAI released a report stating that the cause of this unexpected incident was a vulnerability in the Redis client open source library redis-py, which caused ChatGPT to expose other users’ chat session queries and personal information, about 1.2 % of ChatGPT Plus subscribers are affected. The exposed information included subscriber names, email addresses, payment addresses, the last four digits of credit cards and credit card expiration dates.

OpenAI stated that the time window when the problem occurred was 9 hours. Nine hours before ChatGPT stopped serving, some users may have been able to see other users' names, email addresses, payment addresses and other information, but credit card numbers were not completely exposed. OpenAI believes that the impact of the data breach on users is very small, because specific steps are required to see this information, including:

Open the subscription confirmation email sent between 1:00 and 10:00 on March 20;

In ChatGPT, click My Account—>Manage My Subscriptions.

After OpenAI discovered this security issue, it has contacted the Redis maintainers and released a patch to fix the security vulnerability. OpenAI said it has contacted all ChatGPT users whose personal payment information was exposed.

This article is translated from: https://www.bleepingcomputer.com/news/security/openai-chatgpt-payment-data-leak-caused-by-open-source-bug/

The above is the detailed content of OpenAI: ChatGPT payment data leakage due to open source library vulnerability. For more information, please follow other related articles on the PHP Chinese website!