OpenAI Confirms Data Breach—Here's Who Is Impacted
A breach at analytics provider Mixpanel exposed account names, email addresses, and browser locations for some users of OpenAI’s API, but did not include prompts, API keys, payment information, or authentication tokens. The incident affected users who accessed OpenAI’s technology via external apps powered by GPT—not those using ChatGPT directly on OpenAI’s website. The November 8 intrusion allowed an attacker to access and export customer-identifiable metadata, including usernames, email addresses, browser-based locations, operating system, and browser details. Mixpanel responded by securing affected accounts, revoking sessions, resetting passwords, and engaging cybersecurity firms. Both companies are notifying impacted users, and OpenAI has ended its use of Mixpanel, emphasizing high standards for vendor security and privacy. The breach raises concerns about potential targeted phishing (“smishing”) attacks using the leaked data. Some OpenAI customers voiced frustration about their information being shared with a third-party analytics provider. Mixpanel has stated that customers not directly contacted were unaffected.
