How a Redis Client Bug Exposed ChatGPT User Data and What OpenAI Fixed
A recent bug in the open‑source redis‑py library caused ChatGPT to leak personal data of about 1.2 % of Plus users, allowing some users to see others' names, emails, and partial credit‑card details; OpenAI issued an apology, published a post‑mortem, and deployed a patch to fix the Redis Cluster async client issue.
Event Overview
Recently, a vulnerability in the open‑source redis-py library triggered a failure in ChatGPT, leading to a data‑leak incident where a small fraction of users could view other users' personal information and chat queries.
OpenAI CEO Sam Altman apologized on Twitter, stating that a bug in the open‑source component caused the issue, that a patch has been released, and that only a limited number of users saw other users' conversation titles.
The post‑mortem report released by OpenAI explained that the flaw originated in the Redis client library redis-py, which OpenAI uses to cache user data on their servers, avoiding a database lookup for each request.
Technical Details
OpenAI caches user information in Redis, distributing the load across a Redis Cluster.
The async Python server communicates with Redis via the redis-py library.
The library maintains a shared pool of connections between the server and the cluster, returning each connection to the pool for reuse once a request completes.
When using asyncio, requests and responses are queued: callers push requests to an inbound queue and pop responses from an outbound queue, then return the connection to the pool.
If a request is cancelled after it has been queued but before its response is popped, the connection is left in a corrupted state: the next, unrelated request on that connection can receive the leftover response.
In most cases this results in an unrecoverable server error, forcing users to retry their requests.
Occasionally, the corrupted data matches the expected type, so the cache returns seemingly valid data that actually belongs to another user.
On March 20 (Pacific Time), a change introduced by OpenAI unintentionally increased request cancellations, raising the likelihood of corrupted connections.
The bug was specific to the async redis-py client used with Redis Cluster and has now been fixed.
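The failure sequence described above can be reproduced in a small asyncio model. The following is an added illustration, not OpenAI's or redis-py's code: a toy client with one shared connection whose replies arrive on a queue, a request that is cancelled after it was sent but before its reply was read, and the stale reply then handed to the next caller. Beside it is a hardened variant that discards any connection left in an unknown state instead of returning it to the pool, and that checks the cached record belongs to the user who asked for it (the ownership check mirrors the validation OpenAI says it added; discarding the connection on cancellation is a generic mitigation, not a description of the actual redis-py patch). The class names, the CACHE contents and the user ids are constructed for the example.

```python
import asyncio
from collections import deque

# Constructed sample cache: key -> cached profile (not OpenAI's real schema).
CACHE = {
    "user-a": {"user": "user-a", "name": "Alice", "email": "alice@example.com"},
    "user-b": {"user": "user-b", "name": "Bob", "email": "bob@example.com"},
}


class FakeConnection:
    """One client connection: requests go out on one queue, replies come back on another."""

    def __init__(self):
        self.requests = deque()
        self.responses = deque()

    def send(self, key):
        self.requests.append(key)

    async def read(self):
        # Pops the oldest reply on the wire, regardless of who asked for it.
        while not self.responses:
            await asyncio.sleep(0)
        return self.responses.popleft()


class Pool:
    """Minimal shared pool: a single connection, recycled after every request."""

    def __init__(self):
        self.connections = [FakeConnection()]
        self.free = list(self.connections)

    def acquire(self):
        return self.free.pop()

    def release(self, conn):
        self.free.append(conn)

    def discard(self, conn):
        # Drop a connection whose wire state is unknown and replace it with a fresh one.
        self.connections.remove(conn)
        fresh = FakeConnection()
        self.connections.append(fresh)
        self.free.append(fresh)


async def fake_server(pool):
    """Stands in for the Redis server: answers queued requests on every pool connection."""
    while True:
        for conn in list(pool.connections):
            if conn.requests:
                conn.responses.append(CACHE.get(conn.requests.popleft()))
        await asyncio.sleep(0)


async def vulnerable_get(pool, key):
    conn = pool.acquire()
    try:
        conn.send(key)
        return await conn.read()
    finally:
        pool.release(conn)  # also runs on cancellation: the unread reply stays queued


def validate_owner(resp, key):
    """Second line of defence: the cached record must belong to the requesting user."""
    return resp is not None and resp.get("user") == key


async def hardened_get(pool, key):
    conn = pool.acquire()
    completed = False
    try:
        conn.send(key)
        resp = await conn.read()
        completed = True
    finally:
        if completed:
            pool.release(conn)
        else:
            pool.discard(conn)  # cancelled mid-request: never hand this connection to another caller
    if not validate_owner(resp, key):
        raise RuntimeError(f"cache returned a record for {resp and resp.get('user')!r}, expected {key!r}")
    return resp


async def run_scenario(get):
    """Cancel a request for user-a in flight, then fetch user-b through the same pool."""
    pool = Pool()
    server = asyncio.create_task(fake_server(pool))
    first = asyncio.create_task(get(pool, "user-a"))
    while not any(c.requests or c.responses for c in pool.connections):
        await asyncio.sleep(0)  # wait until user-a's request is on the wire
    first.cancel()
    try:
        await first
    except asyncio.CancelledError:
        pass
    try:
        return await get(pool, "user-b")
    finally:
        server.cancel()


def demo(get):
    return asyncio.run(run_scenario(get))


if __name__ == "__main__":
    print("vulnerable:", demo(vulnerable_get))  # user-a's record, delivered to user-b's request
    print("hardened:", demo(hardened_get))  # user-b's record
```

The vulnerable path returns Alice's record to the request made on behalf of user-b, which is the type-compatible wrong-user case the post-mortem describes; the hardened path returns Bob's. The two mitigations are independent: discarding the connection stops the stale reply from ever reaching another caller, while the ownership check catches any remaining mismatch before the data is served.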
Impact and Response
OpenAI discovered that some users could see other active users' names, email addresses, billing addresses, the last four digits of credit‑card numbers, and expiration dates. Full credit‑card numbers were not exposed.
The affected users represent about 1.2 % of ChatGPT Plus subscribers. OpenAI has contacted all impacted users.
After extensive testing, OpenAI rolled out the fix, added extra validation to ensure cached data matches the requesting user, expanded the Redis cluster for greater resilience, and implemented additional safeguards to prevent similar issues under extreme load.
Broader Implications
This incident highlights the ongoing security challenges that accompany rapid AI advancements. It underscores the need for rigorous testing of third‑party libraries, robust caching strategies, and continuous monitoring to protect user data in large‑scale AI services.
dbaplus Community
Enterprise-level professional community for Database, BigData, and AIOps. Daily original articles, weekly online tech talks, monthly offline salons, and quarterly XCOPS&DAMS conferences—delivered by industry experts.