ChatGPT leaking private chats, login credentials: Here’s what company has to say

Microsoft-backed OpenAI’s generative AI-based chatbot, ChatGPT, is popular among users. The tool is mostly used for simpler queries, but some users access ChatGPT plugins and extensions for more complex tasks. However, users should be careful about the data they share with the chatbot as it has reportedly leaked a few conversations.

Details leaked by ChatGPT

According to a report by ArsTechnica, a user has shared screenshots that show how ChatGPT is leaking private conversations.The images show that the chatbot is leaking details like usernames and passwords. The report notes that the user accessed ChatGPT for an unrelated query and curiously spotted additional conversations present in the bot’s chat history that did not belong to them. These unrelated conversations included multiple details, the report noted.
One set of conversations was by some user who was trying to troubleshoot problems through a support system used by employees of a pharmacy prescription drug portal. This conversation included the name of the app that the other user was trying to troubleshoot, the store number where the problem occurred and additional login credentials.Another leaked conversation included the name of the presentation that some other user was working on. It also included details of an unpublished research proposal.

What OpenAI has to say about the leaked details

Replying to the allegations, OpenAI officials explained that ChatGPT showed unrelated chat histories as the user’s account has been compromised. An Open AI representative said that the unauthorised logins came from Sri Lanka whereas the user said he logs into his account from Brooklyn, New York.
In a statement, the OpenAI representative wrote: “From what we discovered, we consider it an account takeover in that it’s consistent with activity we see where someone is contributing to a ‘pool’ of identities that an external community or proxy server uses to distribute free access. The investigation observed that conversations were created recently from Sri Lanka. These conversations are in the same time frame as successful logins from Sri Lanka.”
This is not the first time ChatGPT has leaked information. In March 2023, the chatbot reportedly had a bug that leaked chat titles. Meanwhile in November 2023, researchers were able to use queries to prompt the AI bot into divulging private data that was used in training the LLM.
Moreover, it is important to note that OpenAI doesn’t offer its users features like 2FA or the ability to track details such as IP location of current and recent logins to safeguard their ChatGPT accounts.