Data breach at ChatGPT; users' personal info leaked

ChatGPT has reported data breach on its platform, exposing personal information, such as user’s first and last name, email address, payment address, last numbers of credit card, etc. of premium customers.

“Everyone at OpenAI is committed to protecting our users’ privacy and keeping their data safe. It’s a responsibility we take incredibly seriously. Unfortunately, this week we fell short of that commitment, and of our users’ expectations. We apologize again to our users and to the entire ChatGPT community and will work diligently to rebuild trust,” stated the company.
“Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window. In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time,” said the company in a blogpost.
It had taken ChatGPT offline earlier this week due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history. It’s also possible that the first message of a newly created conversation was visible in someone else’s chat history if both users were active around the same time, said the company.
It announced that the bug has now been patched. “We were able to restore both the ChatGPT service and, later, its chat history feature, with the exception of a few hours of history,” it said.