OpenAI, the San Francisco-based AI research company, has announced that a bug in the Redis open-source library was responsible for exposing other users’ personal information and chat titles on the company’s ChatGPT service.
The glitch, which occurred on March 20, 2023, allowed some users to view brief descriptions of other users’ conversations from the chat history sidebar. The company temporarily shut down the chatbot to fix the problem.
The issue may have resulted in the disclosure of payment-related information for 1.2% of ChatGPT Plus subscribers, including email addresses, payment addresses, the last four digits of a credit card number, and the credit card expiration date.
The company has reached out to affected users to notify them of the leak.
OpenAI said that the bug originated in the redis-py library: canceled requests could corrupt connections, which then returned unexpected data from the database cache, exposing unrelated users’ information.
Additionally, OpenAI noted that a server-side change made by mistake increased the error rate, causing an influx of request cancellations. The company said that the issue has since been resolved, and redundant checks have been added to ensure that the data returned by the Redis cache matches the requesting user.
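The following added example, which is not OpenAI's or redis-py's code, simulates the failure described above (a canceled request leaves its reply on a shared connection) and shows one form the redundant ownership check could take. `SharedConnection`, the key layout and the envelope format are hypothetical, and the user data is constructed.

```python
import json
from collections import deque

class SharedConnection:
    """Constructed stand-in for one pooled cache connection (not redis-py)."""
    def __init__(self, store):
        self.store = store
        self.pending = deque()  # replies the server has queued, in order

    def send(self, key):
        self.pending.append(self.store.get(key))

    def read(self):
        return self.pending.popleft()

def put(store, user_id, payload):
    # Store the owner inside the cached value so a reader can verify it.
    store[f"user:{user_id}"] = json.dumps({"owner": user_id, "data": payload})

def get_unchecked(conn, user_id):
    conn.send(f"user:{user_id}")
    return json.loads(conn.read())["data"]  # trusts whatever reply comes back

def get_checked(conn, user_id):
    conn.send(f"user:{user_id}")
    raw = conn.read()
    envelope = json.loads(raw) if raw is not None else None
    if envelope is None or envelope.get("owner") != user_id:
        conn.pending.clear()  # miss or mismatched owner: drop queued replies
        return None           # treat as a cache miss, never return the data
    return envelope["data"]

def simulate(getter):
    store = {}
    put(store, "alice", {"email": "alice@example.test"})  # constructed data
    put(store, "bob", {"email": "bob@example.test"})
    conn = SharedConnection(store)
    conn.send("user:alice")     # alice's request is cancelled before read()
    return getter(conn, "bob")  # bob's request reuses the same connection

if __name__ == "__main__":
    print("unchecked:", simulate(get_unchecked))
    print("checked:  ", simulate(get_checked))
```

The unchecked reader hands Bob the reply that was queued for Alice, while the checked reader rejects it because the owner recorded in the value does not match the requesting user.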
In another issue related to caching, OpenAI addressed a critical account takeover vulnerability that could be exploited to take control of another user’s account, view their chat history, and access billing information without their knowledge.
This flaw was discovered by security researcher Gal Nagli, who found that by creating a specially crafted link that appended a .CSS resource to the “chat.openai[.]com/api/auth/session/” endpoint and tricking a victim into clicking the link, an attacker could cause the response, a JSON object containing the accessToken string, to be cached in Cloudflare’s CDN.
The attacker could then use the cached response to harvest the target’s JSON Web Token (JWT) credentials and take over the account. The bug was fixed by OpenAI within two hours of responsible disclosure by Nagli.