ChatGPT in its official announcement reports a bug in an open-source library that led to a ChatGPT outage on March 20.
The bug allowed some users to see titles from other users’ chat histories.
The same bug may have caused the unintentional visibility of payment-related informationof 1.2% of the active ChatGPT Plus subscribers during a specific 09-hour window.
Details exposed are the user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date.
They clarify that the bug only appeared in the Asyncio redis-py client for Redis Cluster, and has now been fixed.
"Everyone at OpenAI is committed to protecting our users’ privacy and keeping their data safe. Unfortunately, this week we fell short of that commitment, and of our users’ expectations."
To fix this, they have added redundant checks, programmatically examined their logs, and improved logging and the robustness and scale of Redis cluster.