ChatGPT confirms the leak of users’ credit card data

ChatGPT data breach confirmed by OpenAI, issuing warning on active users’ chat history leak

On Monday of last week (the 20th), OpenAI, the company behind the generative artificial intelligence of ChatGPT, admitted that it had shut down its servers because of a security vulnerability. After a week of investigation, the company confirmed the leak of sensitive user data, including conversation history.

OpenAI has confirmed a data breach caused by a bug in an open source library. Additionally, cybersecurity firm GreyNoise has noticed that a recently introduced component is affected by an actively exploited vulnerability.

What does this mean in practice? According to OpenAI’s investigation, the chat history titles of active users and the first message of newly created conversations were exposed in the data breach. The bug also exposed payment information belonging to 1.2% of ChatGPT Plus subscribers, including first and last name, email address, payment address, payment card expiration date, and the last four digits of their payment card number.

OpenAI also said that the information was exposed during a nine-hour window last Monday and added that some of the content could also have been leaked before March 20. “We have reached out to inform affected users that their payment information may have been exposed. We are confident that there are no ongoing risks to user data,” the company said in its blog post.

To avoid new related issues, the company says it has taken the following actions:

  • We have tested our bug fix extensively;
  • Added redundant checks to ensure that data returned from our Redis cache [where the problem in the open source library occurred] matches the requesting user;
  • We programmatically review our logs to ensure all messages are available only to the correct user;
  • We correlate multiple data sources to precisely identify affected users so that we can alert them;
  • We’ve improved the log to identify when this is happening and confirm it has stopped altogether;
  • We’ve improved the robustness and scalability of our advanced Redis cluster to reduce the likelihood of connection failures under extreme load conditions.
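The second and third items above (a redundant ownership check on cache reads, and a programmatic log review) are ordinary defensive patterns, and the following added example shows what they look like in code. It is not OpenAI's code and does not reproduce the actual library bug: a constructed in-memory `FakeRedis` stands in for a real Redis client, its `crosstalk` attribute merely simulates a client returning the reply meant for another key, and the key layout, the `owner` field and the log line format are all assumptions made for the example.

```python
"""Ownership checks on cache reads plus a log audit for cross-user leakage.

Added example (not OpenAI's code). FakeRedis, the key layout, the `owner`
field and the log format are assumptions made for illustration.
"""
import json


class CacheOwnershipError(Exception):
    """Raised when a cached record does not belong to the requesting user."""


class FakeRedis:
    """Minimal stand-in for a Redis client (constructed for this example).

    When `crosstalk` is set, get() returns the value stored under that other
    key instead, simulating a client-side mix-up of replies between requests.
    """

    def __init__(self):
        self._store = {}
        self.crosstalk = None

    def set(self, key, value):
        self._store[key] = value

    def get(self, key):
        if self.crosstalk is not None:
            key = self.crosstalk
        return self._store.get(key)


def put_conversation(r, user_id, conv_id, title):
    """Cache a conversation title, tagging the record with the owner it was written for."""
    record = {"owner": user_id, "conv_id": conv_id, "title": title}
    r.set(f"conv:{user_id}:{conv_id}", json.dumps(record))


def get_conversation(r, user_id, conv_id):
    """Read a cached conversation and refuse to return it unless the owner matches."""
    raw = r.get(f"conv:{user_id}:{conv_id}")
    if raw is None:
        return None
    record = json.loads(raw)
    # Redundant check: whatever the client handed back must belong to the requester.
    if record.get("owner") != user_id:
        raise CacheOwnershipError(
            f"cache returned data owned by {record.get('owner')!r} to {user_id!r}")
    return record


def demo_cache_check():
    """Return (title served normally, whether the simulated mix-up was caught)."""
    r = FakeRedis()
    put_conversation(r, "alice", "c1", "Alice's shopping list")
    put_conversation(r, "bob", "c2", "Bob's travel plans")
    served = get_conversation(r, "alice", "c1")["title"]
    r.crosstalk = "conv:bob:c2"  # simulate a reply destined for Bob reaching Alice
    try:
        get_conversation(r, "alice", "c1")
        caught = False
    except CacheOwnershipError:
        caught = True
    return served, caught


# Constructed access-log lines: who asked, and whose record was actually served.
SAMPLE_LOG = """\
2023-03-20T10:01:02Z user=alice served_owner=alice conv=c1
2023-03-20T10:01:05Z user=bob served_owner=bob conv=c2
2023-03-20T10:01:09Z user=alice served_owner=bob conv=c2
"""


def audit_log(text):
    """Return every log entry where the served record's owner differs from the requester."""
    mismatches = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        if fields.get("user") != fields.get("served_owner"):
            mismatches.append({"ts": ts, **fields})
    return mismatches


if __name__ == "__main__":
    print(demo_cache_check())
    for entry in audit_log(SAMPLE_LOG):
        print("cross-user read:", entry)
```

The read-side check catches a mix-up at the moment it happens, while the log audit finds occurrences the check missed or that happened before it was deployed; both depend on the owner being recorded alongside the data rather than inferred from the key alone.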

ChatGPT issue discovered by security firm

On Friday (24th), threat intelligence firm GreyNoise issued an alert about a new ChatGPT feature that augments the chatbot’s information-gathering capabilities through the use of plug-ins.

GreyNoise noted that the code samples provided by OpenAI to customers interested in using its plug-ins with the new feature include an image affected by a vulnerability. The docker image version used in the OpenAI example, version 2022-03-17, is affected by CVE-2023-28432, a security flaw that can be exploited to obtain sensitive keys and root passwords.

To make matters worse, GreyNoise has already detected several attempts to exploit the vulnerability in the wild. “While we have no information to suggest that a specific actor is targeting example instances of ChatGPT, we have observed that this vulnerability is being actively exploited in the wild. When attackers attempt mass identification and mass exploitation of vulnerable services, ‘everything’ is in scope, including any distributed ChatGPT plug-in that uses this outdated version of MinIO,” the security firm warned.

Source: Terra