OpenAI announced on Friday that a vulnerability in the Redis open source library led to the unintended exposure of personal information and chat titles belonging to users of its ChatGPT service earlier in the week. This incident, first identified on March 20, 2023, permitted certain users to access snippets of other conversations via the chat history sidebar, necessitating a temporary shutdown of the chatbot.
The company further elucidated that it was possible for users to view the initial message of new conversations if they were both active simultaneously. This disclosure has raised concerns about user privacy and the integrity of the platform.
The root cause of the bug was identified in the redis-py library, which allowed corrupt requests to result in unexpected data being retrieved from the cache, inadvertently including information from unrelated users. Adding complexity to the situation, OpenAI mistakenly implemented a server-side adjustment that amplified the number of request cancellations, thereby increasing the error rate significantly.
While the issue has since been resolved, OpenAI’s investigation revealed potential additional implications, including the inadvertent exposure of payment-related information for approximately 1.2% of ChatGPT Plus subscribers during a specific time window. This exposure included user names, email addresses, billing addresses, part of credit card numbers, and expiration dates. OpenAI clarified that full credit card details were not compromised and has reached out to inform affected users.
Furthermore, the company has now instituted measures to enhance data protection, stating that it has introduced redundant checks to ensure the data returned from its Redis cache aligns with the authentic requesting user. This incident raises significant concerns surrounding data privacy and the imperative for robust cybersecurity measures.
OpenAI Addresses Critical Account Takeover Vulnerability
In a separate development, OpenAI also resolved a serious account takeover vulnerability linked to its caching mechanisms that could allow attackers to hijack user accounts, access chat histories, and obtain billing information without the users’ knowledge. Discovered by security researcher Gal Nagli, this flaw circumvented OpenAI’s security measures at chat.openai.com, thus exposing sensitive user data.
The vulnerability exploited users through a maliciously crafted link that appended a .CSS resource to the “/api/auth/session/” endpoint, tricking victims into clicking the link. This led to the caching of a JSON object containing sensitive access tokens within Cloudflare’s CDN, which the attacker could then leverage to extract the victim’s JSON Web Token (JWT) credentials and take over their account.
OpenAI responded to this critical vulnerability within two hours of being informed, demonstrating its commitment to maintaining a secure environment for its users. Identifying security flaws and understanding their applicability to frameworks such as MITRE ATT&CK, which encompasses tactics like initial access and privilege escalation, underscores the ongoing need for vigilance and enhanced safeguards in cybersecurity practices.
