OpenAI has confirmed a data breach involving its ChatGPT chatbot, which was caused by a bug in the Redis-py open source library. The breach occurred on the same day a security firm warned about a vulnerable component being exploited. OpenAI took ChatGPT offline earlier in the week to work with the maintainers of the Redis data platform and patch the flaw, which exposed user information. The issue was introduced by a change made by OpenAI on March 20. ChatGPT developers use Redis to cache user information in their server, and the Redis-py library serves as a Python interface. The bug led to ChatGPT users seeing chat data belonging to others.
According to OpenAI's investigation, the titles of active users' chat history and the first message of a newly created conversation were exposed in the data breach. Payment-related information for 1.2% of ChatGPT Plus subscribers was also exposed, including first and last name, email address, payment address, payment card expiration date, and the last four digits of the customer's card number. This information may have been included in subscription confirmation emails sent on March 20 and displayed in the subscription management page in ChatGPT accounts on the same day. OpenAI confirmed that the information was exposed during a nine-hour window on March 20, but admitted that information might have been leaked prior to March 20 as well. "We have reached out to notify affected users that their payment information may have been exposed. We are confident that there is no ongoing risk to users' data," OpenAI said in a blog post.
In addition to the data breach, a separate ChatGPT security issue emerged last week. Threat intelligence company GreyNoise issued a warning about a new ChatGPT feature that expands the chatbot's information collecting capabilities through the use of plugins. GreyNoise observed that the code examples provided by OpenAI to customers interested in integrating their plugins with the new feature include a docker image for the MinIO distributed object storage system. The docker image version used in OpenAI's example, release 2022-03-17, is affected by CVE-2023-28432, a potentially serious information disclosure vulnerability. The security hole can be leveraged to obtain secret keys and root passwords, and GreyNoise has already seen attempts to exploit the vulnerability in the wild. "While we have no information suggesting that any specific actor is targeting ChatGPT example instances, we have observed this vulnerability being actively exploited in the wild. When attackers attempt mass-identification and mass-exploitation of vulnerable services, 'everything' is in scope, including any deployed ChatGPT plugins that utilize this outdated version of MinIO," the security firm warned.