cross-posted from: https://discuss.online/post/31211123
I honest to fucking God don’t understand how cybersec is so fucking bad that there are so many damn data breaches that I lost count. I had a few accounts on chatgpt (that I dont use anymore) but they are all compromised now…
Just what the fuck is this shit? Are they done by lone actors or cybercrime gang? Or are they state actors or state-backed actors? Or are they inside jobs to allow the company to sell data illegally to make more money? Flock has admitted to using data from data breaches to their system.
You also notice how rarely you hear about cybercriminals getting caught? It’s almost like if you take even a minor bit of opsec you can get away with anything.
Important detail to know before commenting: it was Mixpanel analytics apparently that was breached and not ChatGPT itself.
Another reason to have Firefox strict privacy mode turned on along with uBlock and Disconnect though :)
Good thing I blocked Mixpanel the second I saw it pop up for analytics. Call me paranoid.
analytics tools often have full access to everything on the page so this might as well be comparable to a breach of chatgpt itself
For sure, yeah. When I joined my current company that provides a web service, I was blown away by how much is recorded. DataDog has a feature called RUM & Session Replay and I don’t think people realise that every mouse movement, click, and interaction in general is recorded in enough detail that as a developer I can play back user sessions as if I were watching a screen recording. Mixed with the fact that it also captures as much identifying information as it can, it’s pretty fucking creepy
Why is that an important detail? Does itbmakeba functional difference to me as a user? OpenAI collected the data and failed to secure it. Doesn’t matter if a 3rd party was involved
It’s important because none of OpenAI’s software or databases were hacked. What was hacked was a service they use. As much as I dislike it, most companies that have a presence online use analytical services
involved isn’t the correct term for this, or rather it’s exact opposite direction. The 3rd party was hacked and as a result OpenAI data was leaked (along with any other companies using the platform that were affected)
I bring it up because the nuance is important when I can predict people will jump on OpenAI to make claims of shoddy code. I hate OpenAI and Sam Altman but again, the nuance is important because this can happen to any company
Get mad at the fact analytic companies collect enough data to cause this much of a mess if anything
OpenAI gave the sensitive content to an unsecure third party. Its a risky move, so they have responsability, regardless of this being a standard behaviour.