What Happened
A bug in ChatGPT's Redis caching library allowed users to see other users' chat history titles and payment information (last 4 digits of credit card, email, name). Affected 1.2% of ChatGPT Plus subscribers.
Impact
ChatGPT taken offline for hours. Privacy breach affecting thousands. Contributed to Italy's ban. Exposed infrastructure vulnerabilities.
Cost: Service downtime, regulatory scrutiny, user trust damage
How to Prevent This
- Rigorous security testing of all dependencies
- Data isolation between users at infrastructure level
- Bug bounty programs to catch vulnerabilities
- Incident response plans for rapid breach containment