ChatGPT leaks user credit card details


OpenAI said a small percentage of ChatGPT Plus users may have had their payment information leaked during Monday's ChatGPT outage.

“In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time,” OpenAI announced Friday.


The company had purposefully taken ChatGPT offline Monday, March 20, between 1am and 10am PDT, to fix a bug in the system.

OpenAI CEO Sam Altman described the bug, found in an open-source library that ChatGPT uses, as a “significant issue” in a tweet he published after the fix.

The original Altman tweet explained, “a small percentage of users were able to see the titles of other users’ conversation history. we feel awful about this.”

The outage also caused a global commotion among millions of users seemingly unaware of the plan.

Now, the company has revealed that during the nine-hour window, while ChatGPT was down so the bug could be fixed, about 1.2% of ChatGPT Plus users may have had their payment data leaked to other ChatGPT users. That could be significant, as recent stats show Plus has roughly one million subscribers.

ChatGPT Plus is a $20-per-month pilot subscription plan that allows users to unlock more of the platform's features and runs on the latest and more advanced GPT-4 technology.

OpenAI said it has already reached out to any users believed to have been impacted during the outage.



The Microsoft-backed company provided a detailed explanation of how it all happened in an announcement posted on the OpenAI webpage Friday.

Besides being able to see the titles in another user’s chat history, OpenAI also revealed that if two users were active at the same time, they may have also been able to see the first message of a newly created conversation.

“Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window,” the company said.

OpenAI then provided even more specifics on two separate circumstances that would have had to play out for the leak to happen.

Circumstance 1
  • Open a subscription confirmation email sent on Monday, March 20, between 1 a.m. and 10 a.m. Pacific time.
  • Due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users.
  • These emails contained the last four digits of another user’s credit card number, but full credit card numbers did not appear.
Circumstance 2
  • In ChatGPT, click on “My account,” then “Manage my subscription” between 1 a.m. and 10 a.m. Pacific time on Monday, March 20.
  • During this window, another active ChatGPT Plus user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date might have been visible.

OpenAI also revealed that it was possible for both of these circumstances to have happened prior to March 20, although it said “we have not confirmed any instances of this.”


"The bug is now patched. We were able to restore both the ChatGPT service and, later, its chat history feature, with the exception of a few hours of history," OpenAI said.

The company reiterated that the chances of a user's personal data being leaked were extremely low, and that there is no ongoing risk for users at this time.

“Everyone at OpenAI is committed to protecting our users’ privacy and keeping their data safe. It’s a responsibility we take incredibly seriously,” the statement said.

“Unfortunately, this week we fell short of that commitment, and of our users’ expectations. We apologize again to our users and to the entire ChatGPT community and will work diligently to rebuild trust,” OpenAI concluded.

The announcement also provided the complete technical details involved in fixing the problem and a list of actions taken to improve the OpenAI systems.

ChatGPT Plus, first available in the US only, was expanded to users worldwide on February 10.

OpenAI released its "generative pre-trained transformer" in November. An estimated 100 million people were using ChatGPT by January.



Comments

Ryan Credito
3 years ago
That is a big problem.