OpenAI suffers data breach linked to Mixpanel: What you need to know
Data breach through Mixpanel analytics exposes OpenAI’s API user details, including names, emails, and IDs
OpenAI in a recent blog post shed a light on a security incident involving a third party, Mixpanel analytics. The resultant data breach exposed limited user data related to its API platform.
On November 9, 2025, Mixpanel became cognizant of the attack that gained unauthorized access to their systems and exported a dataset which contained the customers’ identifiable details and analytical information.
The security incident came to OpenAI’s knowledge when Mixpanel started to investigate. On November 25, Mixpanel shared the affected dataset with OpenAI.
As a result of data breach, the following details of users have been leaked.
User profile details associated with OpenAI platform may have been included in data exported from Mixpanel. Other types of information include:
- Name that on the API account
- Email address associated with the API account
- Approximate coarse location based on API user browser, including city, state, country
- Organization or User IDs associated with the API account
- Operating system and browser used to access the API account
- Referring websites
However, the ChatGPT users and other products were not affected in the data breach.
OpenAI also asserted that sensitive data, including API requests, chat logs, passwords, payment details, government IDs, and sensitive identification documents remained safe.
Upon hearing of the security incident, OpenAI ended the use of analytics provider Mixpanel services and reviewed all datasets involved in this leak.
According to OpenAI, the incident did not impact any systems outside of Mixpanel.
To ensure transparency, the maker of ChatGPT is pursuing security audits across its vendor ecosystems and enhancing security requirements for third-party and external vendors.
-
AI chatbots of deceased loved ones may help people cope with grief, study finds
-
FCC proposes ID checks to buy prepaid phones in US
-
Elon Musk announces plan to open-source X codebase with 'no exceptions'
-
Apple Intelligence approved in China with Alibaba’s Qwen, Baidu AI integration
-
9 new emoji coming in 2027, from pickles to meteors
-
Will Google escape $1.7 billion EU fine? Top court hears appeal
-
Google Play Store opens to rivals starting July 22
-
YouTube cracks down on low-effort content with new monetization rules
