In case you missed it, Open AI published a blog on Friday revealing the reason ChatGPT suffered an outage on March 20. As it turned out, the AI chatbot was temporarily taken down due to a bug that allowed users to see others' conversations.
It doesn't stop there. Open AI also discovered that there was a moment in time in which that same security flaw exposed some users' credit card details. However, Open AI chatbot claims that the number of users affected by this vulnerability is "extremely low."
Who was affected by the ChatGPT credit card leak?
Open AI revealed that 1.2% of ChatGPT Plus subscribers, members who pay $20 a month for faster response times, access to the chatbot during peak times, and exclusive access to new improvements and features, were affected by the credit-card leak.
Users who were active during a nine-hour window potentially had the last four digitals of their credit card numbers leaked as well as the expiration date. "Full credit card numbers were not exposed at any time," Open AI said. Other details that were exposed include first and last names, and payment addresses.
Open AI explained two ways in which ChatGPT subscribers could have seen others' sensitive information.
1. Opening a subscription confirmation email sent on March 20 between 1 a.m. and 10 a.m. PT. Some of these emails were sent to the wrong users and exposed the last four digits of others credit card details.
2. Navigating to My Account > Manage my subscription in ChatGPT between 1.a.m. and 10 a.m. PT on March 20. Other users' sensitive information, including credit card details, may have been visible during this window.
Open AI repeatedly mentioned that full credit card numbers did not appear during the data leak. Fortunately, the bug is now patched, allowing Open AI to bring ChatGPT back online.
Open AI concluded its blog post stating that it made a promise to protecting users' privacy, but unfortunately, it fell short of that commitment. "We apologize again to our users and the entire ChatGPT community," Open AI said, adding that it will work untiringly to rebuild users' trust.