OpenAI, the creator of ChatGPT has confirmed that it suffered from a data breach that was caused by a bug in an open source library. In addition, a cybersecurity firm identified an actively exploited vulnerability affecting its recently introduced component. OpenAI stated on Friday that it had taken the chatbot offline temporarily to address the flaw. The company stated that it worked with maintainers of the Redis data platform to patch the flaw, which may have resulted in the exposure of user information.
The issue was related to ChatGPT’s use of Redis-py, an open source Redis client library that was introduced in late March. Redis is used to cache user information in their server that help to avoid having to check the database for every request. According to OpenAI’s investigation, the titles of active users’ chat history and the first message of a newly created conversation were exposed in the data breach. The bug also exposed payment information belonging to a very small portion of ChatGPT Plus subscribers including personally identifiable information such as first and last name, email address, payment address, payment card expiration date, and the last four digits of the customer’s card number.
Read More: ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation