OpenAI says a case of mysterious ChatGPT conversations appearing in one user’s history was the result of his account being compromised. The explanation changes the likely cause of the incident, but it does not make the privacy concerns disappear.
What OpenAI says happened
Chase Whiteside reported finding conversations in his ChatGPT history that he said were not his. OpenAI officials later said the histories came from unauthorized access to his account.
An Open AI representative said the unauthorized logins came from Sri Lanka. Whiteside said he logs into his account from Brooklyn, New York.
“From what we discovered, we consider it an account take over in that it’s consistent with activity we see where someone is contributing to a ‘pool’ of identities that an external community or proxy server uses to distribute free access,” the representative wrote. “The investigation observed that conversations were created recently from Sri Lanka. These conversations are in the same time frame as successful logins from Sri Lanka.”
That account-takeover explanation means the initial concern, that ChatGPT itself was leaking chat histories to unrelated users, is likely wrong based on OpenAI’s investigation. Still, the incident shows how damaging an account compromise can be when chat histories contain sensitive material.
What appeared in the account
The conversations Whiteside reported were not trivial. According to the source, two of the seven screenshots he submitted included multiple pairs of usernames and passwords. Those credentials appeared connected to a support system used by employees of a pharmacy prescription drug portal.
The conversation also included the name of the app being troubleshot and the store number where the problem occurred. A link Whiteside included showed the full chat conversation, and that URL disclosed additional credential pairs.
Other conversations that appeared in Whiteside’s account included the name of a presentation, details of an unpublished research proposal, and a script using the PHP programming language. The users behind the conversations appeared to be different and unrelated to each other. The conversation involving the prescription portal included the year 2020, while dates did not appear in the other conversations.
Why the timing mattered
Whiteside said the extra histories appeared on Monday morning, shortly after he used ChatGPT for an unrelated query. He said the added conversations were not present when he used ChatGPT the previous night.
“I went to make a query (in this case, help coming up with clever names for colors in a palette) and when I returned to access moments later, I noticed the additional conversations,” Whiteside wrote in an email. “They weren’t there when I used ChatGPT just last night (I’m a pretty heavy user). No queries were made—they just appeared in my history, and most certainly aren’t from me (and I don’t think they’re from the same user either).”
Whiteside later changed his password, though he doubted his account had been compromised. He said he used a nine-character password with upper- and lower-case letters and special characters, and that he did not use it anywhere other than for a Microsoft account.
The security gap the incident exposed
OpenAI’s explanation reduces the likelihood that this was a direct ChatGPT history leak to unrelated users. But the source notes a separate problem: users such as Whiteside did not have a way to protect accounts with 2FA or review IP location details for current and recent logins.
Those tools matter because they help users detect and limit unauthorized access. Without them, a user may not know where a successful login came from or whether an account is being used by someone else.
The broader lesson is straightforward: ChatGPT histories can contain private data, proprietary data, login credentials, draft research details, source code, and operational information. If an account is accessed by someone else, that history can become exposed even if the service itself is not leaking chats across users.
What users and companies should take from it
The episode adds to earlier concerns about private information in AI systems. Last March, OpenAI took ChatGPT offline after a bug caused the site to show titles from one active user’s chat history to unrelated users. In November, researchers published a paper describing how they used queries to prompt ChatGPT into divulging email addresses, phone and fax numbers, physical addresses, and other private data included in training material.
The source also notes that companies, including Apple, have restricted employee use of ChatGPT and similar sites because of concerns about proprietary or private data leakage.
For users, the practical point is to remove personal details from prompts whenever possible. For organizations, the issue is broader: AI chats should be treated like any other place where sensitive business information can accumulate. If credentials, internal systems, customer details, research plans, or code enter a chat history, the account protecting that history becomes part of the security perimeter.