OpenAI API Users Hit With Third-Party Security Breach

The company has removed Mixpanel from its production services.

MITSloan ME Editorial

Topics

  • News

    1. UAE Approves National Encryption Policy for a Post-Quantum Shift

    2. OpenAI API Users Hit With Third-Party Security Breach

    3. Uber and WeRide Launch First Driverless Robotaxi Service Outside the U.S. and China

    4. UAE Unveils Its First Marketplace for Buying and Trading Trademarks

    5. ACI Flags Sharp Rise in ‘Friendly Fraud’ as Thanksgiving–Cyber Monday Spike Looms

    6. WhatsApp’s AI Clampdown to Send Microsoft Copilot Packing by Jan 2026

    • [Image source: Chetan Jha/MITSMR Middle East]

    OpenAI has notified that a security incident at its data analytics partner Mixpanel earlier this month may have exposed limited personal data belonging to some of its API product users.

    The incident took place within Mixpanel’s systems. Meanwhile, users of ChatGPT and other products were not impacted.

    “This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed,” the official blog read.

    What Happened?

    On November 9, Mixpanel became aware that an attacker had gained unauthorized access to part of its system and had exported a dataset containing limited customer-identifiable information and analytics.

    OpenAI was notified of the investigation, and the affected dataset was shared on November 25, 2025.

    The potentially affected information was limited to the name provided on the API account, the email address linked to that account, and an approximate coarse location derived from the user’s browser—such as city, state, and country. It may also have included details about the operating system and browser used to access the account, referring websites, and any organization or user IDs associated with the API account.

    OpenAI has removed Mixpanel from its production services.

    “While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse,” the blog read.

    The ChatGPT-maker warned that the information can be misused and “could be used as part of phishing or social engineering attacks against you or your organization.”

    The AI startup reassured that no OpenAI passwords, API keys, payment information, government IDs, or account access credentials were impacted.

    Topics

    About the Author


    View More

    Tags:

    More Like This

    You must to post a comment.

    First time here? : Comment on articles and get access to many more articles.