OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
OpenAI on Friday revealed that a bug in the open-source library Redis was responsible for the exposure of other users’ private information and chat titles in the fledgling ChatGPT service earlier this week.
That errorwhich was revealed on March 20, 2023, allows certain users to view brief descriptions of other users’ conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot.
“It’s also possible that the first message of a newly created conversation is visible in the other person’s chat history if both users are active at the same time,” the company said said.
The bug, further added, originates from redis-py libraryleading to scenarios where aborted requests can cause broken connections and return unexpected data from the database cache, in this case, unrelated user-owned information.
To make matters worse, the San Francisco-based AI research firm said it had accidentally introduced a server-side change that caused a spike in request cancellations, increasing the error rate.
While the issue has been addressed, OpenAI notes that the issue may have more implications elsewhere, potentially disclosing payment-related information from 1.2% of ChatGPT Plus subscribers on March 20 between 1-10 am PT.
This includes the first and last names of other active users, email addresses, payment addresses, last four digits of (only) credit card numbers, and credit card expiration dates. This emphasizes that the full credit card number is not revealed.
The company said it has reached out to affected users to notify them of the accidental leak. It also says “added a redundant check to ensure the data returned by our Redis cache matches the requesting user.”
OpenAI Fixed Critical Account Takeover Flaw
In other caching-related issues, the company also addressed a critical account takeover vulnerability that could be exploited to seize control of other users’ accounts, view their chat history, and access billing information without their knowledge.
Become an Incident Response Pro!
Unlock the secrets to bulletproof incident response – Master a 6-Phase process with Asaf Perlman, Cynet’s Lead IR!
The downside, that is have found by security researcher Gal Nagli, bypassing the protections created by OpenAI at chat.openai(.)com to read sensitive victim data.
This is achieved by first creating a specially crafted link that adds the .CSS resource to the “chat.openai(.)com/api/auth/session/” endpoint and tricking the victim into clicking the link, causing the response to contain a JSON object with accessToken string to cache Cloudflare CDNs.
Cached response to the CSS resource (which owns the Title CF-Cache-Status value is set to HIT) is then abused by an attacker to harvest the target’s JSON Web Token (JWT) credentials and take over the account.
Nagli said the bug was fixed by OpenAI within two hours of responsible disclosure, which shows the severity of the problem.
