OpenAI Confirms ChatGPT Data Breach
OpenAI has confirmed that there was a data breach in its artificial intelligence-powered chatbot, ChatGPT. The vulnerability was found in the source code of the Redis open-source library used by the chatbot. As a result, some users could view titles from the chat history of another active user and could also potentially view the first message of a new conversation if both users were active at the same time.
The bug also caused unintentional visibility of payment-related information for premium ChatGPT users who were active between 1-10am PST on March 20. This information includes names, email addresses, payment addresses, credit card types, and the last four digits of the payment card number. However, no full payment card information was visible at any time. OpenAI believes that the number of users affected by this bug is extremely low.
OpenAI took ChatGPT down immediately after discovering the bug on March 24 and patched it the same day. The company has also confirmed that it will contact all those affected by the data leak.
OpenAI's Response to the Data Breach
In response to the data breach, OpenAI has partnered with bug bounty platform, Bugcrowd, to launch a bug bounty program as part of their commitment to secure AI and to recognize and reward the valuable insights of security researchers who contribute to keeping their technology and company secure.
Through the bug bounty program, individuals will be able to report any security flaws, vulnerabilities or bugs found within OpenAI's systems for a monetary reward ranging from US$200 for low-severity findings to $20,000 for exceptional discoveries.
Conclusion
OpenAI's swift action in taking down the chatbot and patching the bug after discovering the data breach is commendable. Their partnership with Bugcrowd to launch the bug bounty program shows their commitment to the security of their AI technology and company.
