The ChatGPT History Leak From a Redis Bug
By Satwik ยท April 16, 2026
On 20 March 2023, OpenAI briefly took ChatGPT offline after users reported seeing other people's conversation titles in their own chat-history sidebar. OpenAI's incident writeup traced the fault to a bug in the redis-py client library used for caching. Under a specific pattern of cancelled requests, the connection pool could return data associated with a different user, causing conversation titles, and in a narrow window the first message of a new conversation, to be exposed to the wrong account.
The same bug also exposed limited payment-related information for a small percentage of ChatGPT Plus subscribers active during a nine-hour window: first and last name, email address, payment address, the last four digits of a card number, and card expiration date. Full card numbers were not exposed.
Why it matters: this was not an adversarial attack. It was an ordinary concurrency bug in a widely used open-source dependency, amplified by the scale and sensitivity of a service holding millions of private conversations. AI products inherit every classic web-application risk on top of their novel model risks.
The defensive lesson is conventional but easily forgotten in the rush to ship: caching and session isolation must be tested under concurrency, dependency behavior at scale can differ from documented behavior, and any system storing private user dialogue should treat conversation content as sensitive personal data with corresponding rigor. OpenAI's transparent postmortem was itself a good practice worth emulating.