OpenAI said that some of the data relating to its API users, such as name, email, and location, could have been compromised.
OpenAI has asked impacted users to remain vigilant for credible-looking phishing attempts
Photo Credit: Reuters
OpenAI's user data was exposed in a recent Mixpanel data breach, the company stated on Thursday. The San Francisco-based artificial intelligence (AI) giant revealed that while most of its sensitive user data, and the data of the end-users accessing ChatGPT, Sora app, and the ChatGPT Atlas browser was not exposed in this breach, some information about its application programming interface (API) users might have been leaked. The company has now started a security investigation, and OpenAI has stopped using Mixpanel services.
In a newsroom post, the AI giant detailed the data breach incident that occurred on November 9. Mixpanel's systems were hacked into by an attacker and the threat actor was able to export a dataset that also included information about OpenAI's users. However, the ChatGPT maker said that the breached dataset contained limited customer identifiable information and analytics information. Mixpanel shared the affected dataset with the AI company on November 25, stating that they were investigating the incident.
OpenAI also highlighted that its servers and products were not impacted in this data breach, and sensitive data, such as that, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs, were not compromised.
Detailing the impact OpenAI's API users should expect, the company said that user profile information associated with the use of “platform.openai.com” might have been included in the exported data. The particulars of the breach could include:
As a response, the ChatGPT maker has removed Mixpanel from its production services. It has also reviewed the affected datasets and is working with the digital analytics company and other partners to understand the full scope of the breach. “While we have found no evidence of any effect on systems or data outside Mixpanel's environment, we continue to monitor closely for any signs of misuse,” the company said.
As a preventive measure, the AI giant has requested all potentially impacted users to remain alert towards “credible-looking phishing attempts or spam.”
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.