OpenAI: Sorry, ChatGPT Bug Leaked Payment Info to Other Users
OpenAI is confirming that a glitch on Monday caused ChatGPT to also expose payment details for paid users, in addition to leaking conversation histories from random users.
On Monday, users who tried to subscribe to the paid ChatGPT Plus service reported seeing email addresses from random users pop up in the payment form. But it turns out ChatGPT exposed even more info from paid users.
After initially confirming the conversation history leak, OpenAI published a more in-depth blog post(Opens in a new window) today going over Monday’s outage, which involved a software bug that caused ChatGPT to leak information on its internal database.
“Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window,” the company said.
“In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date,” OpenAI added. “Full credit card numbers were not exposed at any time.”
However, the company says the chances of a stranger actually viewing all this payment info from a random subscriber is “extremely low.” That’s because the exposed payment details partly arrived through confirmation emails for new ChatGPT Plus subscribers sent on Monday morning, between 1 a.m. and 10 a.m. PST.
“Due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users,” OpenAI said. “These emails contained the last four digits of another user’s credit card number,
Read more on pcmag.com
