ChatGPT Suffers First Major Personal Data Breach

ChatGPT Suffers First Major Personal Data Breach

The Gist

  • Trouble in chatbot paradise. OpenAI’s ChatGPT suffered a data breach on March 20.
  • Fixes going forward? OpenAI has taken various action steps to address the issue.

OpenAI’s ChatGPT has suffered its first major personal data breach.

The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window, according to a blog post by OpenAI Friday, March 24.

“In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time,” OpenAI officials wrote today.

What’s the big message to marketers and customer experience professionals? Fascinating as the world’s most popular chatbot is — and how it can aid marketing and customer experience campaigns — this is another avenue where people feed technology with personal data. And data privacy is paramount. Look no further than US Congress’ grilling this week of TikTok’s CEO

Open-Source Bug Led to Breach Discoveries

Why did OpenAI take ChatGPT offline in the first place? Officials said they found a bug in an open-source library, which allowed some users to see titles from another active user’s chat history. “It’s also possible that the first message of a newly created conversation was visible in someone else’s chat history if both users were active around the same time,” OpenAI officials said.

The company patched the bug and reported technical details of this problem. However, as the company patched the bug, that’s when it discovered the same bug may have caused breach of more personal data.

Related Article: OpenAI Incorporates Web Search Into ChatGPT With Web Browser Plugin

Source link