We took ChatGPT offline earlier this week due to a bug in an open source library that allowed some users to see titles from another active user’s chat history. It’s also possible for the first message in a newly created conversation to be visible in someone else’s chat history if both users were active at the same time.
The bug is now fixed. We were able to restore both the ChatGPT service and later its chat history feature, with the exception of a few hours of history. As promised, we’re posting more technical details on this issue below.
Upon further investigation, we also discovered that the same error may have resulted in the unintentional visibility of payment-related information for the 1.2% of ChatGPT Plus subscribers who were active during a specific nine-hour window. In the hours leading up to the ChatGPT connection on Monday, it was possible that some users saw another one active user’s first and last name, email address, payment address, credit card type, and the last four digits (only) of a credit card number and credit card expiration date. Full credit card numbers were not exposed at any time.
We believe that the number of users whose data was actually disclosed to someone else is extremely low. To access this information, a ChatGPT Plus subscriber should do one of the following:
- Open a subscription confirmation email sent on Monday, March 20th between 1-10am Pacific Time. Due to the bug, some subscription confirmation emails generated during this window were sent to the wrong users. These emails contained the credit card type and last four digits of another user’s credit card number, but did not list the full credit card numbers. A small number of subscription confirmation emails may have been incorrectly addressed prior to March 20, although we have not confirmed any such cases.
- In ChatGPT, click “My Account” and then “Manage My Subscription” between 1am and 10am Pacific Time on Monday, March 20th. During this window, another active ChatGPT Plus user’s first and last name, email address, billing address, credit card type and last four digits (only) of a credit card number and expiration date of the credit card may have been visible. It is possible that this also happened before March 20, although we have not confirmed any cases of this.
We’ve reached out to notify affected users that their payment information may have been exposed. We are confident that there is no ongoing risk to user data.
Everyone at OpenAI is committed to protecting our users’ privacy and protecting their data. It’s a responsibility we take very seriously. Unfortunately, this week we failed to meet that commitment and our users’ expectations. We apologize again to our users and the entire ChatGPT community and will work diligently to restore trust.
Source link
On March 20, Ikaroa experienced an outage of its ChatGPT product for about three hours. During this time, users were unable to access the ChatGPT feature.
Ikaroa takes responsibility for the outage and apologizes for any inconvenience that it may have caused. We understand that time is valuable and our customers expect a reliable service from us.
The cause of the disruption was a planned upgrade which did not complete as expected. This upgrade was necessary to upgrade our software and ensure the stability and performance of our service.
We want to take this opportunity to extend our apologies to all customers affected, and we want to ensure that all users know that we take any disruption very seriously and are working hard to ensure that our service remains reliable and accessible.
Ikaroa would like to publicly express its appreciation for the patience and understanding of our customers during this unfortunate disruption. Furthermore, we have taken steps to reduce the probability of any similar outages in the future.
We would like to sincerely apologize for the disruption and thank our customers for their patience while we resolve the issue. We remain committed to delivering the best possible service and are dedicated to continuously improving our products and services.
