Find out what happened when private conversations and login credentials were exposed in the ChatGPT leak
Following the emergence of ChatGPT, discussions have sparked worldwide regarding the advantages and challenges presented by artificial intelligence (AI) technology. Privacy and security have become major areas of concern, leading nations to demand protective measures against AI to safeguard their citizens. Despite these efforts, threat actors have managed to bypass these safeguards. In a recent occurrence, ChatGPT unintentionally disclosed numerous private conversations during an unrelated chat. Let’s delve into the details of the incident.
ChatGPT leak
According to a report by ArsTechnica, one of their readers posted screenshots of seeing the leaked chats on ChatGPT. A reader named Chase Whiteside took a poll on ChatGPT, but saw other off-topic conversations along with the poll response. In one conversation, the user tried to troubleshoot the pharmacy’s drug portal. More worryingly, the leaked conversation contained not only the name of the user’s debugged app, but also login information, including username and password.
In an email to ArsTechnica, Whiteside wrote: “I went to do a survey and when I came back a moment later I noticed additional chats. They weren’t there when I used ChatGPT last night. No survey was done – they just appeared in my history and certainly weren’t from me.”
The report also states that the second conversation contained an unpublished research proposal and the name of a presentation made by someone.
In a statement to Mashable, OpenAI clarified: “Based on our findings, user account credentials were compromised and the account was accessed by a bad actor. The chat history and displayed files are conversations about the abuse of this account, and it was not ChatGPT showing the history of other users.”
However, Chase says it’s unlikely his account was compromised because he uses a nine-character password with uppercase and lowercase letters and special characters — all of which are ideal guidelines for setting a strong password. OpenAI said those conversations originated in Sri Lanka and not Brooklyn, where Whiteside came to the survey.