Posts Tagged: ‘sensitive’

Three Samsung employees reportedly leaked sensitive data to ChatGPT

On the surface, ChatGPT might seem like a tool that can come in useful for an array of work tasks. But before you ask the chatbot to summarize important memos or check your work for errors, it's worth remembering that anything you share with ChatGPT could be used to train the system and perhaps even pop up in its responses to other users. That's something several Samsung employees probably should have been aware of before they reportedly shared confidential information with the chatbot.

Soon after Samsung's semiconductor division started allowing engineers to use ChatGPT, workers leaked secret info to it on at least three occasions, according to The Economist Korea (as spotted by Mashable). One employee reportedly asked the chatbot to check sensitive database source code for errors, another solicited code optimization and a third fed a recorded meeting into ChatGPT and asked it to generate minutes.

Reports suggest that, after learning about the security slip-ups, Samsung attempted to limit the extent of future faux pas by restricting the length of employees' ChatGPT prompts to a kilobyte, or 1024 characters of text. The company is also said to be investigating the three employees in question and building its own chatbot to prevent similar mishaps. Engadget has contacted Samsung for comment.

ChatGPT's data policy states that, unless users explicitly opt out, it uses their prompts to train its models. The chatbot's owner OpenAI urges users not to share secret information with ChatGPT in conversations as it's “not able to delete specific prompts from your history.” The only way to get rid of personally identifying information on ChatGPT is to delete your account — a process that can take up to four weeks.

The Samsung saga is another example of why it's worth exercising caution when using chatbots, as you perhaps should with all your online activity. You never truly know where your data will end up.

This article originally appeared on Engadget at https://www.engadget.com/three-samsung-employees-reportedly-leaked-sensitive-data-to-chatgpt-190221114.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Security flaw in Florida tax website exposed filers’ sensitive data

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tellsTechCrunch that Florida’s Department of Revenue website had a flaw that exposed hundreds of filers’ bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer’s application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department’s pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was “no sign” attackers abused the flaw, but didn’t say how officials might have spotted any misuse. The agency contacted every affected taxpayers by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Cloud leak exposed sensitive data from over 200,000 voicemails

Some data leaks contain more sensitive info than most. Security researcher Bob Diachenko and Comparitech discovered (via Threatpost) that Broadvoice, a cloud VoIP provider for businesses, left over 350 million records exposed online in an unprotected…
Engadget RSS Feed

Instagram will start blurring ‘sensitive’ photos in your feed

In recent months, Instagram has taken some long-overdue steps to reduce abuse on its platform and generally make the experience better and safer for all users. Today, the company has announced another change in line with those goals. When you're brow…
Engadget RSS Feed