- Critical Security Flaw: OpenAI’s ChatGPT macOS app stored user conversations in plain text, potentially exposing sensitive data.
- Unauthorized Access Risk: The vulnerability allowed malicious actors or apps to read users’ ChatGPT interactions without their knowledge.
- Swift Resolution: OpenAI quickly patched the issue with an update that encrypts stored conversations, prioritizing user privacy and security.
OpenAI swiftly addressed a critical security vulnerability in its ChatGPT macOS app, where user conversations were stored in plain text, making them easily accessible to unauthorized access. This flaw, discovered by developer Pedro José Pereira Vieito, could have allowed malicious actors or apps to read users’ sensitive ChatGPT interactions.
Pereira Vieito demonstrated the issue by creating an app that accessed and displayed recent ChatGPT conversations from a user’s computer. The vulnerability was further exposed as users could simply locate and read the stored chats by changing file names.
Upon notification from The Verge, OpenAI promptly released an update that encrypts chat data. The company acknowledged the issue and reiterated its commitment to user privacy and security. The update effectively renders the previously accessible conversations unreadable.