In June 2023, a cybersecurity company released a report detailing that over 101,000 ChatGPT accounts had been compromised due to malware on users’ systems. This incident was not a breach of ChatGPT itself.
Below, you’ll find a full timeline of ChatGPT data breaches and security incidents, starting with the most recent.
June 2023: Report Identifies Over 101k Hacked ChatGPT Accounts
A threat intelligence team at Group-IB released a report indicating that over 101,000 ChatGPT credentials were stolen by malware over a 12-month period. These researchers found these accounts on the dark web, available for sale alongside other stolen data.
These accounts were compromised by malware on users’ devices; they were not stolen in a breach of ChatGPT itself.
March 2023: ChatGPT Bug Exposes User Data
On March 24, 2023, OpenAI, the company behind ChatGPT, reported a data breach on their blog. In the post, they noted that a bug had allowed users to see some chat history and partial payment data for other active users. The exposed payment data included payment address, credit card type, credit card expiration date, and the last four digits of the credit card number.
OpenAI fixed the bug soon after discovering the incident, and in April, they announced a bug bounty program to help detect future issues.
So far, these are the only reported security incidents attributed to ChatGPT or OpenAI. We’ll keep this space updated if and when any future breaches should occur.