Possible Cross-User Medical Data Exposure in ChatGPT Response
I submitted a report through the bug bounty program after encountering what appears to be a serious privacy issue in ChatGPT.
I uploaded an image, and the response contained confidential medical information that seems highly unlikely to be a hallucination. The details were unusually specific and internally consistent: a rare full name, a real hospital matching the patient location, the patient’s gender aligned with the gynecological diagnosis, and the examination matched the relevant hospital department...
Taken together, the probability of this being randomly generated seems extremely low, which raises concerns that data belonging to another user may have been exposed.
Has anyone else experienced something similar or investigated cases involving potential cross-user data leakage?
Another connecting question: my bug bounty report was rejected as “non-reproducible.” Why is reproducibility being treated as a strict requirement in a non-deterministic system like an LLM? By nature, these models do not guarantee identical outputs across runs.
Thanks for your help