OpenAI has publicly disclosed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product.
The company emphasized transparency in its announcement, assuring users that the breach did not compromise OpenAI's own systems, chat content, API keys, passwords, credentials, or payment information.
On November 9, 2025, Mixpanel detected unauthorized access to a portion of its systems. The attacker exported an analytics dataset that included identifiable information of some OpenAI API users.
Investigation Findings
Mixpanel notified OpenAI about the situation, and OpenAI launched an internal investigation. On November 25, 2025, Mixpanel confirmed the details of the affected dataset with OpenAI.
Notably, only users of the API platform (platform.openai.com) were potentially impacted. Those who use ChatGPT or other OpenAI products were not affected.
The incident involved the following information: name provided on the OpenAI API account; email address; approximate location (city, state, country) based on browser data; operating system and browser used; referring websites; and organization or user IDs linked to the account.
There was no exposure of chat or API content, passwords, payment details, or government IDs.
After learning about the incident, OpenAI removed Mixpanel from its production environment and conducted a thorough review of the affected datasets.
It is directly notifying all organizations, administrators, and users who may have been impacted.
OpenAI stated that it found no evidence that any data beyond Mixpanel's systems was affected, but it is actively monitoring for any misuse.
OpenAI has ended its engagement with Mixpanel and is conducting additional security reviews with all vendor partners, raising its security standards across the board.
Users should remain alert to potential phishing or social engineering attempts, especially given the involvement of information such as names and email addresses.
Be cautious with unexpected emails or messages, especially those containing links or attachments. Ensure any communications claiming to be from OpenAI come from official domains.
OpenAI will never request your password, API key, or verification code via email or chat. For added protection, enable multi-factor authentication (MFA) on your OpenAI account.
OpenAI reaffirmed its commitment to privacy, security, and transparency as it continues to communicate openly about such incidents.
