How a Redis Client Bug Exposed ChatGPT Users’ Data – What Went Wrong?
A recent OpenAI investigation revealed that a bug in the redis-py client caused ChatGPT to leak conversation histories and personal details of about 1.2% of Plus users, prompting a temporary service shutdown and a rapid patch deployment.
Recently, ChatGPT experienced a user data leak where many users saw other users' conversation histories in their own chat logs.
In addition to chat histories, several ChatGPT Plus users posted screenshots on Reddit and Twitter showing other users' email addresses on their subscription pages.
After the incident, OpenAI temporarily shut down ChatGPT to investigate. CEO Sam Altman later tweeted that a major issue had occurred, attributing it to an error in an open‑source library.
Due to an error in an open‑source library, we experienced a major issue in ChatGPT. A small number of users could see the titles of other users' conversation histories.
OpenAI later released a technical report indicating that the problem stemmed from a bug in the Redis client library redis‑py, which exposed the chat history and personal information of roughly 1.2% of ChatGPT Plus users to other users.
Technical Details
The bug was found in the redis‑py client library. OpenAI contacted the Redis maintainers and provided a patch.
OpenAI uses Redis to cache user information, avoiding a database check for each request.
Redis Cluster distributes the load across multiple Redis instances.
OpenAI employs the redis‑py library to integrate Asyncio‑based Python servers with Redis.
The library maintains a shared pool of connections between the Python servers and the Redis cluster, recycling each connection after a request completes.
With Asyncio, redis‑py handles requests and responses via two queues: callers push requests to an inbound queue and pop responses from an outbound queue, then return the connection to the pool.
If a request is cancelled after it has been queued inbound but before its response is popped outbound, the connection is left in a corrupted state: the response to the cancelled request remains on the outbound queue, and the next, unrelated request on that connection may receive it as its own answer.
Usually this results in an unrecoverable server error, and the user simply has to retry.
In some cases, however, the leftover data happens to match the type the caller expects, so the cached response appears valid even though it belongs to another user.
On Monday, March 20, at 1 a.m. PT, a change unintentionally increased the rate of request cancellations, raising the chance of returning erroneous data.
The bug existed only in the Asyncio redis‑py client for Redis Cluster and has now been fixed.
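The race described above, reduced to a constructed asyncio simulation added here for illustration. This is not redis-py's code and not OpenAI's patch: the `Connection`, `Pool`, `fake_redis_server` and the `tainted` flag are assumptions made for the example, and the cache contents are made up. `get_unsafe` shows the vulnerable pattern, where a caller cancelled between sending a request and reading its response leaves that response queued for the next user of the connection; because both users' records are plain strings, the wrong record still "looks valid" to the second caller, which is the type-matching failure mode the text mentions. `get_safe` shows the general mitigation: a connection whose request/response pairing may be out of sync is marked tainted and discarded by the pool instead of being recycled.

```python
import asyncio
from dataclasses import dataclass, field

# Constructed sample cache contents. Both values are strings, so a response
# delivered to the wrong caller still has the expected type.
STORE = {"user:alice": "alice@example.com", "user:bob": "bob@example.com"}


@dataclass
class Connection:
    """One pooled connection, modelled as the two queues the article describes."""
    inbound: asyncio.Queue = field(default_factory=asyncio.Queue)   # requests to Redis
    outbound: asyncio.Queue = field(default_factory=asyncio.Queue)  # responses from Redis
    tainted: bool = False  # hypothetical flag: request/response pairing no longer trusted


async def fake_redis_server(conn: Connection, delay: float) -> None:
    """Stand-in for the server side: answer each inbound request, in order, with one response."""
    while True:
        key = await conn.inbound.get()
        await asyncio.sleep(delay)  # simulated network and server latency
        await conn.outbound.put(STORE.get(key))


class Pool:
    """Hypothetical connection pool: hands out connections and recycles them on release()."""

    def __init__(self, delay: float) -> None:
        self.delay = delay
        self.idle: list[Connection] = []
        self.servers: list[asyncio.Task] = []

    def _new_connection(self) -> Connection:
        conn = Connection()
        self.servers.append(asyncio.create_task(fake_redis_server(conn, self.delay)))
        return conn

    def acquire(self) -> Connection:
        return self.idle.pop() if self.idle else self._new_connection()

    def release(self, conn: Connection) -> None:
        # Mitigation: a connection whose pairing is out of sync is dropped, never reused.
        if not conn.tainted:
            self.idle.append(conn)

    def close(self) -> None:
        for task in self.servers:
            task.cancel()


async def get_unsafe(conn: Connection, key: str):
    """Vulnerable pattern: if cancelled while awaiting the response, that response
    is still delivered later and sits on the outbound queue for the next caller."""
    await conn.inbound.put(key)
    return await conn.outbound.get()


async def get_safe(conn: Connection, key: str):
    """Hardened pattern: a cancellation between send and receive taints the connection."""
    await conn.inbound.put(key)
    try:
        return await conn.outbound.get()
    except asyncio.CancelledError:
        conn.tainted = True  # pool.release() will now discard this connection
        raise


async def _scenario(getter) -> str:
    pool = Pool(delay=0.02)

    # Alice's request is cancelled after it is queued inbound but before her
    # response is popped outbound; the connection then goes back to the pool.
    conn = pool.acquire()
    alice = asyncio.create_task(getter(conn, "user:alice"))
    await asyncio.sleep(0)  # let the request reach the inbound queue
    alice.cancel()
    try:
        await alice
    except asyncio.CancelledError:
        pass
    pool.release(conn)

    await asyncio.sleep(0.05)  # the server finishes Alice's request in the meantime

    # Bob's unrelated request is the next to take a pooled connection.
    conn = pool.acquire()
    try:
        return await getter(conn, "user:bob")
    finally:
        pool.release(conn)
        pool.close()


def run_scenario(getter) -> str:
    """Returns what Bob's request receives: another user's record, or his own."""
    return asyncio.run(_scenario(getter))


if __name__ == "__main__":
    print("unsafe:", run_scenario(get_unsafe))  # Alice's record leaks to Bob
    print("safe:  ", run_scenario(get_safe))    # Bob gets his own record
```

Running the module prints the two outcomes side by side. The design point is that the client cannot tell from the response alone whether it belongs to the current request, so the only reliable recovery after a cancellation at that point is to stop trusting the connection and close it, accepting the cost of a reconnect over the cost of serving another user's data.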
Further investigation showed that some users could see other active users' names, email addresses, billing addresses, the last four digits of credit card numbers, and expiration dates, though full credit card numbers were not exposed.
This affected about 1.2% of ChatGPT Plus users, and OpenAI is contacting all impacted users.