
OpenAI Uncovers Bug Exposing ChatGPT Users’ Payment Info

Hey everyone! It’s Nuked here. I’m sure you’ve heard about the bug OpenAI found in a piece of open source software called redis-py that caused some users to have their payment info exposed. In this article, we’ll take a look at what happened, how it happened, and why it shouldn’t have happened in the first place.

OpenAI’s post on the incident reveals that the bug created a caching issue that may have shown some active users the last four digits and expiration date of another user’s credit card, along with their first and last name, email address, and payment address. They may also have seen snippets of others’ chat histories.

The bug was caused by an open source library called redis-py, and is similar to another infamous bug that occurred on Christmas Day in 2015, when Steam users were served pages with information from other users’ accounts. OpenAI estimates that 1.2 percent of ChatGPT Plus users who used the service between 4AM and 1PM ET on March 20th may have been affected.

OpenAI also explains that there are two scenarios that could’ve caused payment data to be shown to an unauthorized user. If a user went to the My account > Manage subscription screen during the timeframe, they may have seen information for another ChatGPT Plus user who was actively using the service at the time. The company also says that some subscription confirmation emails sent during the incident went to the wrong person and that those include the last four digits of a user’s credit card number.

The root cause was a caching problem involving Redis, a piece of software used to cache user information. Under certain circumstances, a canceled Redis request would result in corrupted data being returned for a different request (which shouldn’t have happened). OpenAI has now fixed the bug in redis-py, and they are making changes to their own software and practices to prevent this type of thing from happening again.
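To make that failure mode concrete, here is a small simulation added for this write-up; it is not redis-py's code or OpenAI's fix. `FakeConn` and `Pool` are hypothetical stand-ins for a pooled connection that returns replies in the order commands were sent, and discarding the connection on cancellation is shown as one common mitigation.

```python
import asyncio
from collections import deque

class FakeConn:
    """Constructed stand-in for one pooled connection (replies are FIFO)."""
    def __init__(self):
        self.replies = deque()
        self.broken = False

    async def send(self, key):
        # The "server" answers every command, even if the caller later gives up.
        self.replies.append(f"data-for:{key}")

    async def read(self):
        await asyncio.sleep(0.01)       # network wait: a cancellation point
        return self.replies.popleft()   # next reply on the wire, whoever asked

class Pool:
    """Hypothetical one-connection pool with an optional safety switch."""
    def __init__(self, discard_on_cancel):
        self.conn = FakeConn()
        self.discard_on_cancel = discard_on_cancel

    async def get(self, key):
        if self.conn.broken:
            self.conn = FakeConn()      # never reuse a desynchronized connection
        conn = self.conn
        await conn.send(key)
        try:
            return await conn.read()
        except asyncio.CancelledError:
            # The command went out but its reply was never consumed.
            if self.discard_on_cancel:
                conn.broken = True
            raise

async def scenario(discard_on_cancel):
    pool = Pool(discard_on_cancel)
    task = asyncio.create_task(pool.get("user:alice"))
    await asyncio.sleep(0)              # let alice's command be sent
    task.cancel()                       # canceled after send, before read
    await asyncio.gather(task, return_exceptions=True)
    return await pool.get("user:bob")   # bob's request reuses the pool

def run(discard_on_cancel):
    return asyncio.run(scenario(discard_on_cancel))

if __name__ == "__main__":
    print("reused connection   :", run(False))  # bob receives alice's reply
    print("discarded on cancel :", run(True))   # bob receives his own reply
```
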

Although this is certainly an unfortunate incident, OpenAI is taking all the necessary steps to ensure it doesn’t happen again. It’s also important to remember that open source software is essential for the modern web, but it comes with its own set of challenges: because anyone can use it, a single bug can affect a large number of services and companies at once.


Written by Nuked
