OpenAI CEO Sam Altman said the disclosure was caused by a “bug in an open source library.” While a fix has been issued, the conversation history sidebar remains unreachable.
In a privacy blunder, OpenAI revealed that a bug earlier this week allowed ChatGPT to disclose the chat logs of random users.
“We feel bad about this,” OpenAI CEO Sam Altman tweeted on Wednesday.
ChatGPT archives and shows previous discussions, providing a running record of all text inputs into the application. On Monday morning, several folks noticed(Opens in a new window) that the chat history feature presented unknown old discussions from other people.
On the same day, ChatGPT encountered an outage. OpenAI kept silent until Altman ultimately acknowledged the data vulnerability on Wednesday. “A tiny fraction of users were able to access the titles of other users’ discussion histories,” he tweeted without going into more detail.
While some speculated that the privacy breach resulted from a cyberattack, Altman blamed it on a software issue in an undisclosed “open source package.” The good news is that OpenAI has issued a verified fix. Yet, the firm may have misplaced consumers’ conversation history for Monday, March 20.
“Unfortunately, users will be unable to view their conversation history from Monday 1 am PDT to Monday 10 am PDT,” Altman added, referring to the window during which the incident occurred.
Altman noted that the business intends to provide further information via a “technical postmortem.” Meanwhile, ChatGPT’s chat history sidebar has been unavailable since Monday.
It’s unclear if the flaw compromised any sensitive personal information. But, according to Altman’s tweet, just the “titles” of other users’ chat histories were disclosed, not the entire contents. Users who attempted to access the disclosed chat records reported an issue that prohibited complete disclosure. The leaked titles also did not indicate who owned the chat history.
Despite Altman’s tweet, OpenAI has failed to resolve another apparent flaw that enabled the ChatGPT Plus payment form to seem to leak other users’ email addresses on Monday morning. Requests for comment have yet to be answered by the corporation.
