Home > Technology peripherals > AI > OpenAI: ChatGPT payment data leakage due to open source library vulnerability

OpenAI: ChatGPT payment data leakage due to open source library vulnerability

PHPz
Release: 2023-04-08 10:11:27
forward
1622 people have browsed it

Redis open source library vulnerability caused ChatGPT payment data leakage.

Event Review

On March 20, multiple ChatGPT subscribers reported seeing other users’ email addresses on their subscription pages.

OpenAI: ChatGPT payment data leakage due to open source library vulnerability

OpenAI: ChatGPT payment data leakage due to open source library vulnerability

Original tweet

Subsequently, OpenAI took ChatGPT offline and investigated the issue, but did not The reason why ChatGPT stopped serving was not stated.

OpenAI: ChatGPT payment data leakage due to open source library vulnerability

Figure Status information during ChatGPT outage

Open source library vulnerability after data leakage

On March 24, OpenAI released a report stating that the cause of this unexpected incident was a vulnerability in the Redis client open source library redis-py, which caused ChatGPT to expose other users’ chat session queries and personal information, about 1.2 % of ChatGPT Plus subscribers are affected. The exposed information included subscriber names, email addresses, payment addresses, the last four digits of credit cards and credit card expiration dates.

OpenAI stated that the time window when the problem occurred was 9 hours. Nine hours before ChatGPT stopped serving, some users may have been able to see other users' names, email addresses, payment addresses and other information, but credit card numbers were not completely exposed. OpenAI believes that the impact of the data breach on users is very small, because specific steps are required to see this information, including:

Open the subscription confirmation email sent between 1:00 and 10:00 on March 20;

In ChatGPT, click My Account—>Manage My Subscriptions.

After OpenAI discovered this security issue, it has contacted the Redis maintainers and released a patch to fix the security vulnerability. OpenAI said it has contacted all ChatGPT users whose personal payment information was exposed.

This article is translated from: https://www.bleepingcomputer.com/news/security/openai-chatgpt-payment-data-leak-caused-by-open-source-bug/

The above is the detailed content of OpenAI: ChatGPT payment data leakage due to open source library vulnerability. For more information, please follow other related articles on the PHP Chinese website!

source:51cto.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template