Threat actors breached Mixpanel, a third-party analytics service used by OpenAI, exposing personally identifiable information (PII) of OpenAI’s customers. The compromised data includes names, email addresses, approximate coarse locations (e.g., city or region), device details (operating system and browser), browsing history (websites visited), and organization or user IDs linked to OpenAI’s API accounts. While the breach did not involve highly sensitive financial or health-related data, the exposure of such PII—particularly email addresses, locations, and API-associated identifiers—poses risks of targeted phishing, identity profiling, or unauthorized access to linked services. The incident highlights vulnerabilities in third-party dependencies and the cascading impact on clients like OpenAI, whose users’ trust and operational security may be undermined by the leak. No ransomware was involved, but the scale of exposed data could enable follow-on attacks or reputational harm.
deepsense.ai cybersecurity rating report: https://www.rankiteo.com/company/deepsense-ai
{
  "id": "DEE1534415112725",
  "linkid": "deepsense-ai",
  "type": "Breach",
  "date": "5/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Artificial Intelligence',
                        'name': 'OpenAI',
                        'type': 'Organization'},
                       {'industry': 'Data Analytics / SaaS',
                        'name': 'Mixpanel',
                        'type': 'Organization (Third-party analytics '
                                'provider)'}],
 'data_breach': {'data_exfiltration': 'Yes (data obtained by threat actors)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (includes PII and organizational '
                                        'identifiers)',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Names',
                                              'Email IDs',
                                              'Approximate coarse location',
                                              'Operating System details',
                                              'Browser information',
                                              'Web browsing history',
                                              'Organisation IDs',
                                              'User IDs (API accounts)']},
 'description': 'Threat actors have obtained personally identifiable data of '
                'OpenAI customers, including the name, email IDs, approximate '
                'coarse location, Operating System of the device and browser '
                'used by the person, websites browsed, and organisation or '
                'User IDs associated with the API accounts.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive customer data',
            'data_compromised': ['Personally identifiable information (PII)',
                                 'Names',
                                 'Email IDs',
                                 'Approximate coarse location',
                                 'Operating System details',
                                 'Browser information',
                                 'Websites browsed',
                                 'Organisation IDs',
                                 'User IDs (API accounts)'],
            'identity_theft_risk': 'High (due to exposure of PII including '
                                   'names, emails, and location data)'},
 'title': "Mixpanel Data Breach Exposes OpenAI Clients' Details",
 'type': 'Data Breach'}