OpenAI [finance:OpenAI, Inc.] recently confirmed a data breach involving its API platform users after an incident with the third-party analytics provider Mixpanel. The breach, discovered on November 9, 2025, involved unauthorized access to Mixpanel’s systems, potentially exposing limited customer data.
Data Exposed and Affected Users
The compromised information primarily affects users with API accounts and may include names, email addresses, approximate locations (city, state, country), operating system and browser details, referring websites, and organization or user IDs linked to the API accounts.
OpenAI clarified that no sensitive data such as passwords, API keys, payment details, chat histories, or authentication tokens were exposed. End users of ChatGPT and other OpenAI consumer products were not impacted by this breach.
Response and Protective Measures
OpenAI has ceased its use of Mixpanel services, thoroughly reviewed the affected datasets, and is conducting expanded security assessments across its vendor ecosystem. The company has begun directly notifying impacted API customers and urges them to be vigilant against phishing attempts and social engineering scams.
- Users should watch for suspicious emails, as stolen data could be used in phishing attacks.
- OpenAI reassures it will never request passwords, API keys, or verification codes via email or chat.
- Enabling multi-factor authentication is recommended to enhance account security.
OpenAI emphasized its commitment to privacy, trust, and transparency, and is strengthening security requirements for all partners and vendors to prevent future incidents.
