ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation “How to Make Your Home More Eco-Friendly” “Creating an Eco-Friendly Home Environment”

OpenAI, the creator of the chatbot ChatGPT, has recently confirmed a data breach caused by a bug in an open source library, just as a cybersecurity firm noticed that a recently introduced component is affected by an actively exploited vulnerability. The bug, introduced by OpenAI on March 20, exposed user information in the form of titles of active users’ chat history and the first message of a newly created conversation. Payment-related information belonging to 1.2% of ChatGPT Plus subscribers was also exposed. OpenAI has taken the chatbot offline and is ensuring that there is no ongoing risk to users’ data.

Threat intelligence company GreyNoise also issued a warning regarding a new feature in ChatGPT that expands the chatbot’s information collecting capabilities through the use of plugins. GreyNoise noticed that the code examples provided by OpenAI to customers include a docker image for the MinIO distributed object storage system which is affected by a potentially serious information disclosure vulnerability. The security hole can be leveraged to obtain secret keys and root passwords and GreyNoise has already seen attempts to exploit the vulnerability in the wild.

In conclusion, OpenAI’s ChatGPT has recently been affected by two security issues, resulting in a data breach and the potential exposure of user information. OpenAI has taken the chatbot offline while it works to patch the flaw and is reaching out to affected users to notify them of the breach. Additionally, GreyNoise has warned of a potential exploit of a new feature in ChatGPT through a docker image for the MinIO distributed object storage system.

Key Points:

• OpenAI has confirmed a data breach caused by a bug in an open source library.
• The bug exposed user information in the form of titles of active users’ chat history and the first message of a newly created conversation.
• Payment-related information belonging to 1.2% of ChatGPT Plus subscribers was also exposed.
• Threat intelligence company GreyNoise has warned of a potential exploit of a new feature in ChatGPT through a docker image for the MinIO distributed object storage system.
• OpenAI has taken the chatbot offline while it works to patch the flaw and is reaching out to affected users.