Last week, OpenAI revealed in a blog post that ChatGPT was taken offline on March 20 due to a bug that was allowing some users to see the chat history and payment information of other active users. It’s not quite as bad as it sounds, but if you have used ChatGPT at all since it launched last fall, you’ll probably want to know whether or not you were impacted. Thankfully, OpenAI provided a detailed breakdown of the ChatGPT leak, and it should answer most of your questions.
Did ChatGPT leak my data?
OpenAI says a bug in ChatGPT’s open-source library allowed some users to see titles from other users’ chat history, the first message of a newly-created conversation, and some payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window on Monday, March 20, between 1 a.m. and 10 a.m. PT.
In the early hours of March 20, a small percentage of ChatGPT Plus subscribers could see other active users’ first and last names, email addresses, payment addresses, the last four digits of their credit card numbers, and credit card expiration dates.
In order to access the information, the ChatGPT Plus subscriber would have needed to do one of the following during that specific nine-hour window:
- Open a subscription confirmation email sent on Monday, March 20, between 1 a.m. and 10 a.m. Pacific time. Due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users. These emails contained the last four digits of another user’s credit card number, but full credit card numbers did not appear. It’s possible that a small number of subscription confirmation emails might have been incorrectly addressed prior to March 20, although we have not confirmed any instances of this.
- In ChatGPT, click on “My account,” then “Manage my subscription” between 1 a.m. and 10 a.m. Pacific time on Monday, March 20. During this window, another active ChatGPT Plus user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date might have been visible. It’s possible that this also could have occurred prior to March 20, although we have not confirmed any instances of this.
With all that in mind, if you were not active on ChatGPT with a paid subscription to ChatGPT Plus on the morning of March 20, you are probably in the clear. OpenAI reached out to affected users last week, so if your information was leaked, you already know about it.