> I created a restricted key in Stripe with lowest possible permissions, and pro... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kykeonaut on Aug 2, 2023 \| parent \| context \| favorite \| on: The underground world of credit card network explo... > I created a restricted key in Stripe with lowest possible permissions, and prompted ChatGPT to create a script to accept the chargebacks. From my understanding, it also seems that the author submitted a Stripe API key alongside the prompt to create the scripts. This is pretty much a big security no no regardless of the permissions of the key.

pimpl on Aug 2, 2023 [–]

Author here. GPT only got minimal context it needed to run the prompt. No customer data, no IDs, definitely no API keys were passed as a prompt.

kykeonaut on Aug 2, 2023 | [–]

Ahhh ok, that sounds much more logical. I got the wrong impression :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact