OpenAI starts a bug bounty program with payouts of up to $20,000 for security flaws in its ChatGPT chatbot

OpenAI, the company behind the popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are “safe and useful for everyone”.

“Security is essential to OpenAI’s mission”, said the company. “We appreciate the contributions of ethical hackers who help us uphold high privacy and security standards for our users and technology.”

The company said that ChatGPT is in scope, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g. Browsing, Code Interpreter), plugins users create themselves, and all other functionality. Plugins developed by other users are out of scope.

The bounties range from $200 for low-severity security issues, up to $20,000 for “exceptional discoveries”.


KFC, Pizza Hut, and Taco Bell owner discloses data breach

Yum! Brands, the company that owns restaurant chains KFC, Pizza Hut, and Taco Bell, disclosed a data breach. On January 13, 2023, Yum! Brands suffered a ransomware attack that forced it to take its IT systems offline, closing almost 300 restaurants in the UK for one day. At the time, the company said that it had no evidence that the attackers exfiltrated any customer information.

In a breach notification letter that was sent to affected customers starting April 6, Yum! Brands revealed that it has now found that the attackers stole some individuals’ personal information, including names, driver’s license numbers, and other ID numbers.

The company added that the ongoing investigation has not found evidence that the stolen data had been used for identity theft or fraud. However, such data is typically traded or shared on underground hacker forums and ultimately used in phishing and other types of attacks.


Western Digital takes its services offline due to data breach

Storage giant Western Digital confirmed on April 3, 2023 that its network has been breached and an unauthorized party gained access to multiple company systems. The California-based computer drive maker and provider of cloud data storage services stated that the network security incident was identified on March 26. The investigation is still ongoing and Western Digital has yet to learn how much was taken.

Since the incident, Western Digital’s consumer cloud and backup service My Cloud experienced outages, preventing customers from accessing their files. The affected services included My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger. Services were restored on April 12.

While Western Digital’s customers wait for more information, they can take action. Users should assume their accounts associated with Western Digital’s services may have been compromised, and therefore they should change their service account passwords and, if possible, enable Multi-Factor Authentication (MFA).
