The AI vendor OpenAI is facing a problem that other marketing technology firms have dealt with.
The company took ChatGPT offline earlier this week after a bug allowed some users to see titles from another user’s chat history. Also exposed were email addresses and other information.
The bug is now patched, the company claims in a Friday blog post.
However, it found that “the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window..
It continues that, prior to the firm’s taking ChatGPT offline, “it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”
The bug was found in the Redis client open-source library, redis-py. OpenAI says it “reached out to the Redis maintainers with a patch to resolve the issue.”
OpenAI uses Redis to cache user information in its server so that it doesn’t need to check out its database for every request.