OpenAI’s chatbot, ChatGPT, which gained widespread popularity upon its release in late 2022, has been hacked revealing critical cyber-security vulnerabilities. This ChatGPT data breach is stealing the light.
After users took advantage of the Redis open-source library exploit, they got access to the chat histories. Redis is an open-source library that developers use for faster recall and access to user information. Due to the transparency of open-source libraries, it is easy for vulnerabilities to go unnoticed. This increases the probability of cyber-attacks on such software by 742% since 2019.
ChatGPT, despite having its imperfections, took the consumer market by storm, becoming not only the fastest but the fastest growing consumer app in history, reaching over 100 million monthly users by January 2023. Furthermore, 13 million users used the Chatbot daily within just a month of its release, making it a phenomenon that took over the entire virtual assistant market. The widespread use of this technology was due to its versatility and relatively wide range of useful applications, similar to a Swiss Army knife, which led to its early and quick popularity.
The data breach
The Redis vulnerability resulted in a data breach in the ChatGPT system, requiring OpenAI to take the system offline for maintenance and repair. Upon investigation, researchers discovered that this vulnerability was likely responsible for the visibility into a few paying subscribers’ payment information for a brief period. Hackers gained access to billing users’ sensitive information such as first and last names, email and payment addresses, last four digits of credit card numbers, and expiration dates, highlighting the potential cyber security threats that chatbots pose due to the significant amounts of stored data. This incident, although with minimal effects on paying subscribers, serves as a warning of potential future dangers.
Tightening restrictions on AI use
Due to the concerns surrounding data privacy, some businesses and entire countries have started clamping down on ChatGPT’s use. JPMorgan Chase, for example, restricted its employees’ use of ChatGPT due to concerns about the security of financial information entered into the chatbot. Additionally, Italy temporarily banned the app, citing the data privacy of its citizens and compliance with GDPR requirements.
Researchers predict threats actors will use ChatGPT to create elaborate and realistic phishing emails. Chatbots will mimic native speakers in delivering targeted messages instead of using the previous tell-tale signs of odd sentence phrasing and poor grammar indicative of a phishing scam. ChatGPT’s capacity for language translation further enhances cyber hackers’ efforts to create foreign phishing attempts.
The Chatbot’s AI technology has the potential to create disinformation and conspiracy campaigns with future implications surpassing cyber risks on account of its language sophistication.
OpenAI responding to some threats
OpenAI has taken steps to prevent the reoccurrence of data breaches within the application by offering a bounty of up to $20,000 to anyone who discovers unreported vulnerabilities.
The program fails to address model safety and hallucination issues that prompt the chatbot to generate detrimental code or other flawed outputs.. This implies that OpenAI is attempting to tighten ChatGPT’s technology against outside attacks but cannot prevent Chatbot technology from being the source of cyber hacks.
Recap – ChatGPT data breach
ChatGPT and other chatbot models will remain a significant player in the cybersecurity sphere. Whether the technology will be a victim of cyber-attacks or a means of perpetrating cybercrimes in the future remains to be seen. For now, users should be aware of the potential dangers involved in sharing information with chatbots and should take appropriate measures to protect their data.