OpenAI suffers data breach linked to Mixpanel: What you need to know

OpenAI in a recent blog post shed a light on a security incident involving a third party, Mixpanel analytics. The resultant data breach exposed limited user data related to its API platform.

On November 9, 2025, Mixpanel became cognizant of the attack that gained unauthorized access to their systems and exported a dataset which contained the customers’ identifiable details and analytical information.

The security incident came to OpenAI’s knowledge when Mixpanel started to investigate. On November 25, Mixpanel shared the affected dataset with OpenAI.

As a result of data breach, the following details of users have been leaked.

User profile details associated with OpenAI platform may have been included in data exported from Mixpanel. Other types of information include:

• Name that on the API account
• Email address associated with the API account
• Approximate coarse location based on API user browser, including city, state, country
• Organization or User IDs associated with the API account
• Operating system and browser used to access the API account
• Referring websites

However, the ChatGPT users and other products were not affected in the data breach.

OpenAI also asserted that sensitive data, including API requests, chat logs, passwords, payment details, government IDs, and sensitive identification documents remained safe.

Upon hearing of the security incident, OpenAI ended the use of analytics provider Mixpanel services and reviewed all datasets involved in this leak.

According to OpenAI, the incident did not impact any systems outside of Mixpanel.

To ensure transparency, the maker of ChatGPT is pursuing security audits across its vendor ecosystems and enhancing security requirements for third-party and external vendors.