OpenAI, the developer of ChatGPT, stated that it has suffered a potential data breach in ChatGPT’s source code due to a vulnerability in the software. OpenAI “took ChatGPT offline…due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history…the same bug may have caused the unintentional visibility of payment-related information” of some ChatGPT subscribers who were using ChatGPT on March 20, 2023. The information that may have been accessible included “name, email address, payment address, credit card type and the last four digits (only) of a credit card number, and credit card expiration date.”
According to OpenAI, “the bug was discovered in the Redis client open-source library,” that was used by OpenAI to cache user information.
Not only is there concern about the use of artificial intelligence tools by threat actors to attack victims, but the very companies that are developing them will be directly attacked, as OpenAI was, giving threat actors the ability to weaponize chatbots further. According to Security Intelligence, “Only time will tell if the technology will be the victim of attacks or the source.”