Recent headlines have shown that ChatGPT’s privacy and security measures are… well, pretty bad.
The problems started when ChatGPT user Chase Whiteside noticed unrecognized logs in his chat history. The initial theory was that these chat entries belonged to other users that ChatGPT had somehow posted to the wrong account, raising concerns that chat logs or other personal information could be leaked due to the alleged bug. However, OpenAI, the company behind ChatGPT, investigated this issue and discovered that someone else had hacked Whiteside’s account, which means the unexpected logs came from a hacker using ChatGPT with Whiteside’s username and were not the result of a bug leaking other people’s chat histories.
While the results of OpenAI’s investigation show that ChatGPT will not accidentally share your chat logs or personal information with other users, it still highlights a earnest security issue with the service’s account. Or more precisely, the lack of it.
ChatGPT account security options non-existent
Most websites, apps, or services you log in to have security features that prevent hackers or bots from accessing your account. The most common are two-factor authentication via text message or email, or the more strong two-factor authentication (2FA), which uses pre-generated login codes or additional apps to validate logins. They will also send text messages, emails and/or push notifications to your devices whenever you (or someone else) tries to log in, alerting you to possible account breaches.
While 2FA is more effective than two-factor authentication at preventing account hacks, both are more secure than relying on just a password. Unfortunately, ChatGPT doesn’t offer any of these, so someone managed to hack Whiteside’s account anyway says Whiteside his password consisted of nine characters “uppercase, lowercase and special characters”.
To be fair, Whitefield claims that his ChatGPT password was also associated with his Microsoft account, which is one of the biggest login security mistakes you can make – if one account is compromised, other accounts using the same login credentials will be as well endangered. However, it is equally likely that the hacker never knew the password and simply brutalized Whiteside’s account.
Regardless of the method the hacker used to get into your Whiteside account, the point is that you also need additional lines of defense against data breaches, phishing attacks, spyware, social engineering, and password cracking software that hackers can utilize to steal data login. That’s why a robust, unique password is just one part of your online security checklist.
How to protect your ChatGPT account and data
While it is unlikely that someone will hack your ChatGPT account, it is entirely possible. If this is a deal breaker, the safest option is not to utilize an AI chatbot at all. Fortunately, ChatGPT is free to utilize and doesn’t require you to provide vital personal or financial information, so there’s little incentive to hack someone’s account. Nevertheless, if you intend to utilize ChatGPT, you should still try to protect your account.
-
Normally, enabling settings like 2FA would be our first recommendation to escalate login security, but since ChatGPT doesn’t offer such options, the best you can do right now is to keep your username and password as unthreatening as possible. Do not utilize your Google, Microsoft or Apple account to log in to ChatGPT. This is convenient, but it ties data from these other services to ChatGPT and makes it easier for others to hack into these other accounts. Create a modern, dedicated ChatGPT account with your own username and password that you don’t utilize anywhere else, and make sure the password is robust. Oh, and it’s also sharp to change your ChatGPT password regularly.
-
To reduce the risk of someone stealing your personal information if your account is hacked, do not provide any personal or sensitive information in ChatGPT prompts or search results.
-
Finally, keep an eye on your chat history. If you notice modern entries that you don’t recognize, be sure to report the problem to the official OpenAI support email [email protected], and then update your password immediately.
