OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users’ personal information and chat titles in the upstart’s ChatGPT service earlier this week.
The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users’ conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot.
“It’s also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time,” the company said.
The bug, it further added, originated in the redis-py library, leading to a scenario where cancelled requests could cause connections to be corrupted and return unexpected data from the database cache, in this case, information belonging to an unrelated user.
To make matters worse, the San Francisco-based AI research company said it introduced a server-side change by mistake that led to a surge in request cancellations, thereby upping the error rate.
images from Hacker News