OpenAI has begun notifying users about a recent data breach that occurred due to a hack of the third-party analytics service Mixpanel, which was utilized on the API platform – platform.openai.com. This incident did not affect ChatGPT users but did impact API account holders, as reported by Windows Central.

According to the notice received by users, the following information was exposed:

  • the name listed in the API profile;
  • email address;
  • approximate location (determined by IP);
  • operating system and browser;
  • referrer sites;
  • organization and user IDs within the OpenAI system.

OpenAI emphasizes that no chats, API requests, usage history, passwords, API keys, payment details, or verification documents were compromised. The company states that this was not a breach of its own infrastructure – the leak occurred within Mixpanel.

According to OpenAI, Mixpanel:

  • detected unauthorized access to its systems on November 9;
  • provided OpenAI with a copy of the stolen data set on November 25;
  • confirmed that the incident pertained solely to the analytical information of API users.

OpenAI has suspended its integration with Mixpanel and urged users to be cautious of phishing attempts, as the stolen information may be used in such attacks.

This incident has reignited concerns about privacy among ChatGPT and API users. While user data was not harmed, experts stress that the company handles a significant amount of sensitive information, and such leaks could undermine trust in its services for both businesses and everyday users.

10106 image for slide
zoom Created with Sketch Beta.