It doesn’t matter how big a company is, it’s not invulnerable to data breaches- T-Mobile is proof of that. Now, OpenAI, the company behind DALL-E and ChatGPT has confirmed that it’s suffered a data breach.
This was reported by SecurityIntelligence. Since OpenAI uses the Redis open-source library, a data breach was always a possibility. Open-source libraries are extremely vulnerable to data breaches, so OpenAI was playing with fire.
The company confirmed that a threat actor was able to use a vulnerability in the Redis library in order to obtain information about users who use ChatGPT. The breach occurred several days ago.
The OpenAI data breach wasn’t very severe
Fortunately, OpenAI was able to patch the vulnerability and make the services safe again. The data that the threat actor gained access to didn’t seem too severe. For the most part, the threat actors were able to access the chat histories of users. For most people, that’s not much of an issue. However, being a chatbot, ChatGPT has been the therapist to people who’ve born their souls to it. This means that several people probably confessed a lot of personal information to ChatGPT.
OpenAI confirmed that there could have been other information scooped up in the data breach. This same vulnerability could have possibly allowed people to see the first names, last names, email addresses, and payment addresses of several people. Threat actors could have also seen the last four digits of their credit card numbers along with the expiration dates. We’re not sure if anyone was able to; it was only a possibility.
The vulnerability has been patched up, but that doesn’t mean that there won’t be any others in the future. Companies all over the world suffer security breaches, and there’s nothing that we can really do to stop it. Let’s just be glad that this was a minor leak.
2023-05-06 15:14:56