OpenAI has disclosed that certain users' sensitive data, including their names, email addresses, and payment information, may have been leaked by ChatGPT due to a caching vulnerability in the redis-py open-source library, The Verge reports.
According to OpenAI, nearly 1.2% of ChatGPT Plus users may have had their data exposed by the flaw last Monday from 4 a.m. to 1 p.m. ET. OpenAI noted that the leak of sensitive data and chat history stemmed from an error in Redis' caching process, in which a canceled request returned corrupted data from another request.
The issue was exacerbated by a server change at OpenAI that prompted a significant increase in canceled Redis requests, raising the odds that unrelated cached data would be returned to users. The caching vulnerability in Redis has already been addressed, and OpenAI noted that software changes, including redundant checks, are underway to prevent a recurrence of exposed records.
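The failure described above, as an added simulation that is not OpenAI's or redis-py's code: a canceled request leaves its reply unread on a shared connection, so the next caller receives another user's record. An ownership check, which is one assumed form of the "redundant checks" mentioned, rejects it. `SharedConnection`, `fetch`, `fetch_checked` and the sample records are constructed for illustration.

```python
# Constructed simulation; not redis-py and not OpenAI's code.
from collections import deque

class Cancelled(Exception):
    """Raised when a request is abandoned after sending, before reading."""

class SharedConnection:
    """Toy pooled connection: replies come back strictly in request order."""
    def __init__(self, store):
        self.store = store
        self.pending = deque()  # replies queued by the server, not yet read

    def send(self, key):
        self.pending.append(self.store.get(key))

    def read(self):
        return self.pending.popleft()

def fetch(conn, key, cancel_before_read=False):
    """Send, then read. A cancel between the two strands the reply."""
    conn.send(key)
    if cancel_before_read:
        raise Cancelled(key)
    return conn.read()

def fetch_checked(conn, user_id):
    """Redundant check: drop any record whose owner is not the requester."""
    record = fetch(conn, f"user:{user_id}")
    if record is None or record.get("owner") != user_id:
        return None  # mismatch also signals the connection is out of step
    return record

# Constructed sample records.
STORE = {
    "user:alice": {"owner": "alice", "email": "alice@example.test"},
    "user:bob": {"owner": "bob", "email": "bob@example.test"},
}

def desynced_connection():
    """Return a connection reused after alice's request was canceled."""
    conn = SharedConnection(STORE)
    try:
        fetch(conn, "user:alice", cancel_before_read=True)
    except Cancelled:
        pass  # alice's reply is still queued on the connection
    return conn

def demo():
    unchecked = fetch(desynced_connection(), "user:bob")  # alice's record
    checked = fetch_checked(desynced_connection(), "bob")  # rejected
    return unchecked, checked
```

In this model, a connection that produced a mismatched record is still one reply out of step, so it would need to be discarded rather than returned to the pool.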