OpenAI, the startup behind the ChatGPT family of conversational AI tools, addressed how user data could have been exposed in a recent incident. The company cited a software flaw as the root cause and described what happened to affected users through an official statement.
According to OpenAI, the breach occurred due to an error in how the system handled user sessions. This flaw briefly allowed some individuals to access the personal information of other active users. The company emphasized that full payment card numbers were not exposed in any case.
OpenAI explained that the issue was contained after the team disabled chat services to stop the leak. The root cause was traced to a bug in the Redis open-source client library, a component commonly used in modern software systems to manage data quickly and efficiently. The company estimated that roughly 1.2% of all ChatGPT subscribers were affected, a figure it described as a small portion relative to its overall user base.
In its broader update, OpenAI noted progress in strengthening data protection and monitoring mechanisms. The team stated that the vulnerability has been addressed and that additional safeguards have been implemented to prevent a recurrence. The company stressed that maintaining user trust remains a top priority as it continues to refine and expand its platform.
Around the same time as the breach news, OpenAI announced a plugin system designed to broaden the neural network’s knowledge by enabling connections to third-party services. This expansion aims to improve the AI’s ability to retrieve up-to-date information and perform more complex tasks, and the company also pledged ongoing reviews of its data handling practices in light of these new capabilities. The firm’s disclosure emphasizes its commitment to transparency and accountability as the service grows and evolves.