Data leak
OpenAI ChatGPT Redis Bug: Chat History & Payment Info Leak
Primary Source: Incident Details
On March 20, 2023, OpenAI took ChatGPT offline after discovering a bug in its Redis client library (the open-source redis-py library) that caused some users to see other users’ conversation history titles and partial personal information in their sidebar. In some cases, the first message of a newly created conversation could also be visible. OpenAI later confirmed that a small subset of users (~1.2% of ChatGPT Plus subscribers who used the service during a 9-hour window on March 20) had their payment information exposed, including first and last names, email addresses, payment addresses, credit card type and last four digits, and credit card expiration dates. Full credit card numbers were not exposed. Approximately 100,000 ChatGPT Plus users were notified. The bug was triggered by a Redis connection pool race condition during a server-side configuration change, which caused requests to return cached query data belonging to another active connection. OpenAI patched the Redis library and confirmed the fix. This was the first major data exposure incident for ChatGPT and drew significant attention given OpenAI’s rapid growth and the sensitivity of private conversation data. OpenAI notified affected users directly and notified the relevant regulators.
Technical Details
- Initial Attack Vector
  - A bug in the Redis client library (redis-py) used by OpenAI caused race conditions in connection pooling under high load, resulting in users being served cached data from other users' sessions, exposing conversation titles and personal payment information
- Vendor / Product
  - OpenAI ChatGPT; Redis (redis-py library)
- Software Package
  - redis-py
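The mechanism described above, a pooled connection handing one caller a reply that was produced for a different caller, is easy to reproduce in a deterministic simulation. The following is an added, constructed example, not OpenAI's or redis-py's code; it assumes the simplest interleaving that produces such a desync (a request that sends a command but is abandoned before reading the reply, after which the connection goes back to the pool), and the `FakeConnection`, `NaivePool` and `SafePool` classes and the sample user data are invented for illustration. The point is the defensive check: a connection with a reply still in flight must never be returned to the pool.

```python
"""Constructed simulation of a connection-pool desync leaking another user's data.

Not redis-py code. A pooled connection is a FIFO of replies; if a caller sends a
command and never reads its reply, that reply is delivered to the next caller who
reads from the same connection. The fix shown is to discard such connections.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class FakeConnection:
    """Stand-in for a client connection: commands out in order, replies back in order."""
    reply_queue: deque = field(default_factory=deque)
    in_flight: int = 0  # commands sent whose reply has not been read yet

    def send(self, user: str, key: str) -> None:
        # The simulated server answers with data belonging to the requesting user
        # (constructed sample value, not real data).
        self.reply_queue.append(f"{key} for {user}")
        self.in_flight += 1

    def read_reply(self) -> str:
        # Whoever reads next gets the oldest unread reply, regardless of who sent it.
        self.in_flight -= 1
        return self.reply_queue.popleft()


class NaivePool:
    """Returns connections to the pool without checking for pending replies."""

    def __init__(self) -> None:
        self._free: deque = deque([FakeConnection()])
        self.created = 1

    def get(self) -> FakeConnection:
        if self._free:
            return self._free.popleft()
        self.created += 1
        return FakeConnection()

    def release(self, conn: FakeConnection) -> None:
        self._free.append(conn)


class SafePool(NaivePool):
    """Hardened variant: a connection with a reply still in flight is dropped, not reused."""

    def release(self, conn: FakeConnection) -> None:
        if conn.in_flight != 0:
            return  # desynchronised; let it be garbage-collected, create a fresh one later
        self._free.append(conn)


def fetch(pool: NaivePool, user: str, key: str, abandon: bool = False) -> Optional[str]:
    """One request: borrow a connection, send, read, return it to the pool."""
    conn = pool.get()
    conn.send(user, key)
    if abandon:
        # Simulated interruption (timeout, cancellation, error) between send and read.
        pool.release(conn)
        return None
    reply = conn.read_reply()
    pool.release(conn)
    return reply


def run_scenario(pool_cls) -> str:
    """Alice's request is abandoned mid-flight; Bob then uses the same pool."""
    pool = pool_cls()
    fetch(pool, "alice", "history_titles", abandon=True)
    return fetch(pool, "bob", "history_titles")


if __name__ == "__main__":
    print("naive pool:", run_scenario(NaivePool))  # Bob receives Alice's data
    print("safe pool: ", run_scenario(SafePool))   # Bob receives his own data
```

In a real deployment the same invariant is worth enforcing at two layers: the client library should never recycle a connection whose request/response accounting is not balanced, and the application should log any response whose owner tag does not match the requesting session, since that mismatch is the earliest observable signal of this class of bug.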
Timeline
- 2023-03-20 Breach occurred
- 2023-03-24 Publicly disclosed
- 2023-03-24 Customers notified