Beginning of the End? Behind the Latest Breach on ChatGPT

June 9, 2023

Introduction

Since bursting onto the scene in November 2022, ChatGPT has changed the game for artificial intelligence bots. Gone are the days of ELIZA and SmarterChild, with a few generic responses and the ability to “remember” your favorite hobbies. ChatGPT can get jobs at Google and invent new music. They now have more than 100M users and billions of visitors monthly.

In just six months, the program has made plenty of headlines. Some of them have highlighted the positive aspects of a robot capable of complex problem-solving, from tailoring suggestions to your preferences to helping out with customer service. Other articles lamented the ability to generate new, malicious code in mere minutes.

Now ChatGPT is in the news for another reason….their open-source library was exploited through a little-known vulnerability that exposed a lot of personal data.

The Breach on ChatGPT

Open-source code has become integral for software developers. It allows engineers to easily access and modify existing code, and thus create innovative solutions quickly and efficiently. Open-source code is also beneficial for businesses as it reduces their costs and provides access to a wide range of tools and libraries that can help them get the job done faster. Furthermore, open-source code helps foster collaboration between developers from all around the world, which in turn leads to better quality products.

For ChatGPT, though, this same open-source library is exactly what the hackers exploited. A vulnerability allowed threat actors “behind the scenes” for hours before the website shut down the website to minimize damage. It took days for the OpenAI team, who produces and manages ChatGPT, to resolve and patch the issue to get the platform up and running again.

That’s not all that the hackers did. The same incident that exploited their servers also exposed, albeit momentarily, the financial and personal information of other users as well as their chat history. In a statement, OpenAI said this about the incident:

Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window. In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, credit card type and the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.

Conclusion

Does this news change how you feel about the future of AI?

You’re not the only one with as many reservations as you have hopes. Although this particular oversight has been patched, according to OpenAI, this is a shining example of how much personal data is at stake when such a big, popular database is exposed by threat actors. Be careful what you include on your profiles, and don’t feel the need to fill out every bit of personal information about yourself that they ask. Be mindful of what data you feed artificial intelligence and how it could tie back to you.

In the meantime, stay abreast of security concerns, new threats and potential vulnerabilities in the software and websites that you use. Cybercriminals are always on the lookout for new ways to exploit, steal and/or sell your confidential data. Education and vigilance are the best defenses we have.

Reference

Most Recent Post

“Knowledgeable, reliable and trustworthy”

In addition to being knowledgeable, reliable and trustworthy, he’s very friendly and accessible. Would definitely use his services again.

Nyshie Perkinson

Senior Media Specialist, Center for Biological Diversity

Related Articles

9 Signs That Your Smart Home Device Has Been Hacked

9 Signs That Your Smart Home Device Has Been Hacked

Smart home devices are becoming more popular and convenient. But they also pose some serious security risks. Hackers can target these devices to access your personal information. As well as spy on your activities or cause damage to your home.Often the dangers of smart...

5 Cybersecurity Predictions for 2024 You Should Plan For

5 Cybersecurity Predictions for 2024 You Should Plan For

Cybersecurity is a constantly evolving field. There are new threats, technologies, and opportunities emerging every year. As we enter 2024, organizations need to be aware of current and future cyber threats. Businesses of all sizes and sectors should plan...

Workspaces, a VPN & More – Learn the Newest Microsoft Edge Features

Workspaces, a VPN & More – Learn the Newest Microsoft Edge Features

Microsoft Edge continues to redefine user experiences. This is due to Microsoft’s commitment to innovation. The latest updates bring a host of features. These are designed to enhance productivity, security, and browsing satisfaction.Chrome may have been number one for...