ChatGPT Suffers Critical Data Breach; Companies Prohibit Use

Wednesday, 3 May 2023

OpenAI's ChatGPT became famous for being smart enough to pass exams from law and business schools, but now it is making headlines for suffering a data breach that essentially made all conversations public. "It was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number and credit card expiration date. Full credit card numbers were not exposed at any time," OpenAI said in a release about the incident.

A vulnerability in the open-source Redis library was exploited to allow users to see the chat history of other ChatGPT users. Although open-source code gives a company additional credibility, having numerous contributors can open the floodgates for vulnerabilities. Cyberattacks on underlying open-source libraries have increased by 742% since 2019.

Ever since chatbots first hit the market, the cybersecurity community has raised concerns that they could be used to launch cyberattacks. ChatGPT came with robust safety measures, but even those were ultimately exploited to write malicious code.

Companies were initially racing to implement ChatGPT into their own systems, with industries ranging from publishing to software development able to envision ways in which the chatbot could be utilised. In fact, ChatGPT became the fastest-growing consumer application in recorded history, with over 13 million people using the technology daily within a month of its release. As a comparison, social media giant TikTok took nine months to reach similar user levels.

However, since the incident, large companies and even countries have been reconsidering their chatbot implementations. Samsung accidentally leaked sensitive information to ChatGPT and has subsequently banned its use. Major banks, including Bank of America, Citi, Deutsche Bank, Goldman Sachs, JPMorgan, and Wells Fargo, have all restricted employees' use of ChatGPT. Italy has decided to temporarily block the application across the entire country. The concern, Italian officials stated, is compliance with GDPR.

Mark McCreary, co-chair of the privacy and data security practice at Fox Rothschild LLP, says that ChatGPT and chatbots are "like the black box in an airplane. The AI technology stores vast amounts of data, and then uses that information to generate responses to questions and prompts. And anything in the chatbot’s memory becomes fair game for other users."

Chatbots can record a user's notes on any topic and then summarise that information, or leverage it to search for more details. However, those notes automatically enter the chatbot library, regardless of whether or not they contain sensitive information like an organisation’s intellectual property.

