A security vulnerability in the iOS ChatGPT subscription system has been identified, allowing the reuse of Apple Pay receipts across multiple accounts. Developer BugstoOai reported the issue on the OpenAI developer community, highlighting a flaw where the system verifies receipt authenticity but not the Apple ID associated with the purchase. This loophole enables users to activate ChatGPT Plus subscriptions on different accounts using the same receipt.
The vulnerability affects the ChatGPT iOS app and the backend endpoint `/backend-api/subscription/upgrade`. Recommendations for mitigation include binding receipts to purchaser identities and monitoring repeated use of transaction IDs. The report, which lacks a full proof of concept, has not been independently verified, and OpenAI has yet to respond to the claims.
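The two recommended mitigations, sketched server-side as an added example (not code from the report or from OpenAI). All names here, including `VerifiedReceipt`, `EntitlementLedger` and `purchaser_token`, are hypothetical, the sample receipts are constructed, and signature validation of the receipt is assumed to have happened upstream.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class VerifiedReceipt:
    """Fields from a receipt whose signature was already validated (assumed)."""
    transaction_id: str
    purchaser_token: Optional[str]  # hypothetical per-account token set at purchase time

@dataclass
class EntitlementLedger:
    bindings: dict = field(default_factory=dict)  # transaction_id -> account_id
    alerts: list = field(default_factory=list)    # (reason, transaction_id, account_id)

    def redeem(self, account_id: str, account_token: str, receipt: VerifiedReceipt) -> bool:
        # Check 1: an authentic receipt is not enough; it must have been
        # issued for the account that is presenting it.
        if receipt.purchaser_token is not None and receipt.purchaser_token != account_token:
            return self._reject("purchaser_mismatch", receipt, account_id)
        # Check 2: a transaction ID belongs to the first account that redeems it.
        # This also covers receipts that carry no purchaser token.
        owner = self.bindings.setdefault(receipt.transaction_id, account_id)
        if owner != account_id:
            return self._reject("transaction_reuse", receipt, account_id)
        return True  # the same account re-submitting (e.g. a restore) stays idempotent

    def _reject(self, reason: str, receipt: VerifiedReceipt, account_id: str) -> bool:
        # Record the event so repeated use of a transaction ID can be monitored.
        self.alerts.append((reason, receipt.transaction_id, account_id))
        return False

def demo():
    """Run constructed receipts through the ledger; return (results, alerts)."""
    ledger = EntitlementLedger()
    bound = VerifiedReceipt("txn-constructed-001", "token-alice")
    legacy = VerifiedReceipt("txn-constructed-002", None)
    results = [
        ledger.redeem("alice", "token-alice", bound),   # purchaser redeems
        ledger.redeem("alice", "token-alice", bound),   # purchaser restores
        ledger.redeem("bob", "token-bob", bound),       # second account, same receipt
        ledger.redeem("alice", "token-alice", legacy),  # tokenless receipt, first use
        ledger.redeem("bob", "token-bob", legacy),      # tokenless receipt, reused
    ]
    return results, ledger.alerts
```

In a real backend the binding table needs a unique constraint on the transaction ID so that two concurrent redemptions cannot both succeed.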
iOS ChatGPT Plus Vulnerability Allows Receipt Reuse Across Accounts
