OpenAI reported this Friday (24) that 1.2% of ChatGPT Plus subscribers had personal data leaked. The cause was the bug that showed other users’ history for other accounts. OpenAI reports that it has already reached out to ChatGPT Plus members who were victims of the leak.
Contrary to what was published before, the leak was not just information published in conversations. In its guidelines, OpenAI says that users should not disclose sensitive data in conversations with ChatGPT.
OpenAI explained that, during a period of nine hours, users could access or receive data from other ChatGPT Plus subscribers: first name, last name, email, billing address and the last four digits of the card. No service member has had all card numbers revealed. In one of the cases, this data was only visible if the two users are connected at the same time. The company did not disclose the total number of accounts that had personal information leaked.
Bug sent wrong emails on account confirmation
The company revealed that between 5 am and 2 pm Brasilia time on March 20, subscription confirmation emails sent the wrong data to new users. OpenAI still claims that the problem may have happened before the 20th, but there are still no confirmations about this.
Despite the seriousness of the case, jokes with the leak began in the first minutes of the OpenAI statement. Or, as user @stetsblake put it, the case put “open” back in OpenAI — a pun on the company name, which means Open AI in literal translation.
“You are opening (open) new roads to the world”
Leak linked to bug and ChatGPT down
On Monday (20), ChatGPT was mostly offline for all users, including ChatGPT Plus subscribers — in theory, they don’t face the queue to access AI. The next day, OpenAI revealed that it took ChatGPT offline to resolve the bug that showed users’ chat history in other accounts.
In its official statement, OpenAI reported that the first message of a recent conversation could be accessed in another person’s chat if both users were online at the same time. The company believes that a small number of users were affected – but the exact number of victims was not disclosed.