A recent ChatGPT, which recently revealed GPT mentions, incident raised concerns about user privacy and data security. User Chase Whiteside reported finding conversations in his account history belonging to other users. These conversations contained potentially sensitive information such as usernames, passwords, and other details.
Here is what happened:
- User Chase Whiteside discovered conversations containing usernames, passwords, and other sensitive information belonging to seemingly unrelated users.
- OpenAI investigated and claimed unauthorized logins from Sri Lanka compromised Whiteside’s account, explaining the presence of the other users’ conversations.
- Whiteside, however, doubts his account was compromised, citing a strong password and limited use.
I went to make a query (in this case, help coming up with clever names for colors in a palette) and when I returned to access moments later, I noticed the additional conversations,” Whiteside wrote in an email. “They weren’t there when I used ChatGPT just last night (I’m a pretty heavy user). No queries were made—they just appeared in my history, and most certainly aren’t from me (and I don’t think they’re from the same user either).
Several conversations were leaked to Whiteside, which included information such as the name of a presentation a person was working on, the details of an unpublished research proposal, and a script using the PHP programming language. The users involved in each leaked conversation appeared to be different and unrelated. One of the conversations involved a prescription portal and mentioned the year 2020, while the other conversations did not include any dates.
OpenAI investigated the incident and concluded that Whiteside’s account was compromised through unauthorized login attempts from Sri Lanka. They believe this explains the presence of the other users’ conversations in his account.
While OpenAI’s explanation suggests account compromise, Whiteside remains skeptical. He claimed to have used a strong password and limited the use of his credentials, casting doubt on the unauthorized access theory.
OpenAI investigated the incident and concluded that Whiteside’s account was compromised through unauthorized login attempts from Sri Lanka. They believe this explains the presence of the other users’ conversations in his account.
More info and screenshots here.