A security researcher recently found a flaw in ChatGPT that could let hackers plant false information and steal user data over time. OpenAI initially dismissed the issue, but has since taken steps to fix it.

The researcher, Johann Rehberger, discovered that ChatGPT’s memory feature, which stores information from past chats to make future conversations easier, could be misused. Hackers could plant fake details, like incorrect personal information, through untrusted sources such as emails, documents, or websites. ChatGPT would then store these false memories and use them in future conversations.

Rehberger showed how this flaw worked by tricking ChatGPT into believing made-up facts about a user, like their age or location, which influenced future chats. He found that these fake memories could be created using a technique called "prompt injection," which hides instructions in content like links or images.

In May 2024, Rehberger reported this issue to OpenAI, but the company initially said it was a safety problem, not a security risk. However, when Rehberger demonstrated how it could be used to steal data, OpenAI released a partial fix in September.

Although some security risks have been addressed, hackers can still exploit prompt injections to store false information in ChatGPT’s memory. To stay safe, users should keep an eye on new memories being added during chats and regularly review what’s stored. OpenAI has provided guidance on how to manage these settings, but has not yet shared further plans to stop these types of attacks.