OpenAI is notifying customers that user data tied to its developer platform was exposed after attackers broke into analytics provider Mixpanel’s systems.
The company says the incident is confined to Mixpanel’s environment and does not involve OpenAI’s own infrastructure or consumer-facing ChatGPT service. Even so, the stolen data includes enough personal and technical details to make targeted phishing and social‑engineering attacks more likely, and OpenAI has halted its use of Mixpanel while it investigates.
What data was exposed in the Mixpanel breach
Mixpanel is used on platform.openai.com to track how developers use OpenAI’s APIs. When an attacker gained unauthorized access to part of Mixpanel’s systems on November 9, they were able to export a dataset tied to that analytics feed.
OpenAI describes the exposed information as “limited customer identifiable information and analytics information” linked to API accounts, including:
| Category | Details exposed |
|---|---|
| Profile data | Names provided on platform.openai.com accounts |
| Contact data | Email addresses associated with API accounts |
| Location | Coarse, approximate location inferred from browser/IP (such as city, state, country) |
| Device and web data | Operating system, browser type, and referring website |
| Account identifiers | Organization IDs and user IDs stored with the API account |
Crucially, OpenAI says no highly sensitive data was included in the exported dataset: no passwords, API keys, account credentials, payment details, government IDs, or ChatGPT chat content and prompts.
Who is affected by the OpenAI Mixpanel incident
The breach impacts users of OpenAI’s API product on platform.openai.com, not the broader ChatGPT audience.
| User group | Impact |
|---|---|
| API organizations and developers | Profile and analytics metadata exposed via Mixpanel |
| ChatGPT web and mobile users | No impact; no chats, prompts, or account data involved |
| Payment and ID‑verified users | No payment card data or government IDs exposed |
OpenAI says it is directly notifying affected organizations, admins, and end users as it finishes reviewing the dataset shared by Mixpanel on November 25.
OpenAI and Mixpanel’s security response
Mixpanel characterizes the intrusion as the result of a “smishing” (SMS phishing) campaign detected on November 8. In response, the company says it secured affected accounts, rotated credentials, revoked active sessions, reset employee passwords, and blocked malicious IP addresses.
OpenAI’s response centers on cutting off the data pipeline and tightening vendor oversight. In a public incident note on its site, the company says:
“As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope.”
The company also says it is conducting broader security reviews across all third‑party providers and plans to enforce stricter requirements for any external analytics or infrastructure tools that handle customer data.
Security and privacy risks for OpenAI API users
Even without passwords or tokens, the exposed metadata is useful to attackers. Names, email addresses, approximate locations, organization IDs, and device and browser details make it easier to craft convincing messages that impersonate OpenAI or internal admins.
OpenAI warns that the stolen data may be used in phishing and social‑engineering campaigns and urges impacted users to:
- Be suspicious of unexpected emails, DMs, or SMS messages that reference OpenAI accounts or billing.
- Verify sender domains and avoid clicking on untrusted links or attachments.
- Enable multi‑factor authentication on OpenAI and related accounts where it is available.
- Avoid sharing organization or user IDs in public code repositories or forums.
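As an added illustration of the advice above (this is not code from OpenAI's notice or from Mixpanel), a small mail-triage check a defender could run over inbound messages: it assumes openai.com is the only legitimate sender domain for OpenAI notices, flags lookalike sender domains, and flags messages that pair the OpenAI name with account or billing lures. The sample messages are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumption: openai.com is the only legitimate sender domain for OpenAI notices.
TRUSTED_DOMAINS = {"openai.com"}
BRAND = "openai"
# Terms a lure built from leaked names, emails and org IDs would likely use.
LURE_TERMS = ("billing", "api key", "organization", "suspended", "verify", "password")

@dataclass
class Message:
    sender: str
    subject: str
    body: str

@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)

def sender_domain(addr: str) -> str:
    """Lower-cased domain of 'Name <user@host>' or 'user@host'."""
    m = re.search(r"<([^>]+)>", addr)
    return (m.group(1) if m else addr.strip()).rsplit("@", 1)[-1].lower()

def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(domain: str) -> bool:
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def is_lookalike(domain: str) -> bool:
    """Untrusted domain that embeds the brand (e.g. openai.com.evil.tld) or has a label one edit away."""
    normalized = domain.replace("0", "o").replace("1", "l")
    if BRAND in normalized.replace("-", "").replace("_", ""):
        return True
    return any(edit_distance(label, BRAND) <= 1 for label in normalized.split("."))

def triage(msg: Message) -> Verdict:
    domain = sender_domain(msg.sender)
    text = f"{msg.subject} {msg.body}".lower()
    lures = [t for t in LURE_TERMS if t in text]
    v = Verdict(False)
    if is_trusted(domain):
        return v  # genuine sender domain: nothing to flag here
    if is_lookalike(domain):
        v.reasons.append(f"lookalike sender domain: {domain}")
    if BRAND in text and lures:
        v.reasons.append("mentions OpenAI with lure terms: " + ", ".join(lures))
    v.suspicious = bool(v.reasons)
    return v

# Constructed sample messages (not real mail).
SAMPLES = [
    Message("OpenAI <noreply@openai.com>", "Your API usage summary", "Usage for your org this month"),
    Message("Billing <billing@openai-support.net>", "Organization suspended", "Verify your OpenAI billing to restore API access"),
    Message("Support <support@openai.com.verify-login.io>", "Password reset", "Reset your OpenAI password now"),
    Message("Alice <alice@example.org>", "Lunch?", "Want to grab lunch?"),
]
```

Running `triage` over `SAMPLES` flags the second and third messages (lookalike domain plus lure wording) and leaves the first and fourth alone.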
The company reiterates that it has found no evidence of any access to systems or data outside Mixpanel’s environment, but says it will keep monitoring for signs of misuse.
The incident underscores how much of modern AI infrastructure is built on third‑party analytics and telemetry, and how those integrations can expose user data even when core systems stay locked down.