Top Road: OpenAI sees API data breach via Mixpanel hack

OpenAI has ended its use of analytics provider Mixpanel after a security incident in which API user data was exported. The incident took place within Mixpanel’s systems and did not affect ChatGPT users.

On November 9, Mixpanel discovered that an attacker had gained unauthorized access to parts of its systems. The attacker exported a dataset containing limited customer identification data and analytics data. Mixpanel informed OpenAI about the investigation and shared the affected dataset on November 25.

The data breach occurred in Mixpanel’s systems, which OpenAI used for web analytics on its API platform, platform.openai.com. OpenAI’s own systems were not affected. Chat conversations, API calls, API usage data, passwords, credentials, API keys, payment details, and government identification documents were not compromised or exposed.

Leaked user data

The exported Mixpanel data included user profile information linked to use of platform.openai.com. This includes names provided to the API account, email addresses associated with the API account, estimated location based on API users’ browsers (city, state, country), operating system and browser used to access the API account, referring websites, and organization or user IDs associated with the API account.

OpenAI has removed Mixpanel from its production services and is reviewing the affected datasets. The company is working closely with Mixpanel and other partners to understand the incident. OpenAI is notifying affected orga

Source: https://www.techzine.eu/news/security/136774/openai-sees-api-data-breach-via-mixpanel-hack/

TPRM report: https://www.rankiteo.com/company/top-road-gpt-tools

"id": "top1764300909.026341",
"linkid": "top-road-gpt-tools",
"type": "Breach",
"date": "2025-11-27T00:00:00.000Z",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'incident': {'affected_entities': [{'customers_affected': 'API users of '
                                                           'platform.openai.com '
                                                           '(specific number '
                                                           'not disclosed)',
                                     'industry': 'Artificial Intelligence',
                                     'location': 'San Francisco, California, '
                                                 'USA',
                                     'name': 'OpenAI',
                                     'size': None,
                                     'type': 'Technology Company'},
                                    {'customers_affected': None,
                                     'industry': 'Data Analytics',
                                     'location': None,
                                     'name': 'Mixpanel',
                                     'size': None,
                                     'type': 'Analytics Provider'}],
              'customer_advisories': 'Affected organizations (e.g., API users) '
                                     'being notified by OpenAI',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': True,
                              'file_types_exposed': None,
                              'number_of_records_exposed': None,
                              'personally_identifiable_information': ['Names',
                                                                      'Email '
                                                                      'addresses',
                                                                      'Estimated '
                                                                      'geographic '
                                                                      'location',
                                                                      'Organization/user '
                                                                      'IDs'],
                              'sensitivity_of_data': 'Moderate (no highly '
                                                     'sensitive PII; limited '
                                                     'to API account metadata)',
                              'type_of_data_compromised': ['User profile '
                                                           'information',
                                                           'Analytics data']},
              'date_detected': '2023-11-09',
              'description': 'OpenAI terminated its use of analytics provider '
                             'Mixpanel following a security incident where an '
                             'attacker gained unauthorized access to '
                             'Mixpanel’s systems and exported a dataset '
                             'containing limited OpenAI API user data. The '
                             'breach did not affect OpenAI’s own systems or '
                             'ChatGPT users. Compromised data included user '
                             'profile information such as names, email '
                             'addresses, estimated locations, OS/browser '
                             'details, referring websites, and '
                             'organization/user IDs linked to '
                             'platform.openai.com. No sensitive data (e.g., '
                             'passwords, API keys, payment details, or '
                             'government IDs) was exposed.',
              'impact': {'brand_reputation_impact': 'Potential reputational '
                                                    'risk due to third-party '
                                                    'breach affecting user '
                                                    'trust',
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': ['Names (API account)',
                                              'Email addresses (API account)',
                                              'Estimated location (city, '
                                              'state, country)',
                                              'Operating system and browser '
                                              'details',
                                              'Referring websites',
                                              'Organization or user IDs (API '
                                              'account)'],
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'Low (no sensitive PII like '
                                                'passwords or government IDs '
                                                'exposed)',
                         'legal_liabilities': None,
                         'operational_impact': 'OpenAI removed Mixpanel from '
                                               'production services; reviewing '
                                               'affected datasets',
                         'payment_information_risk': 'None',
                         'revenue_loss': None,
                         'systems_affected': ['Mixpanel’s analytics systems']},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': None,
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'investigation_status': 'Ongoing (OpenAI reviewing datasets with '
                                      'Mixpanel)',
              'post_incident_analysis': {'corrective_actions': ['Terminated '
                                                                'Mixpanel '
                                                                'integration',
                                                                'Dataset '
                                                                'review'],
                                         'root_causes': None},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': True,
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': None},
              'references': [{'date_accessed': None,
                              'source': 'OpenAI/Mixpanel Incident Disclosure',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': None,
                                        'regulations_violated': None,
                                        'regulatory_notifications': None},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': ['Notifying affected '
                                                      'organizations (e.g., '
                                                      'OpenAI API users)'],
                           'containment_measures': ['Terminated use of '
                                                    'Mixpanel in production '
                                                    'services'],
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': True,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': ['Reviewing affected '
                                                    'datasets',
                                                    'Collaborating with '
                                                    'Mixpanel for '
                                                    'investigation'],
                           'third_party_assistance': ['Mixpanel',
                                                      'Other partners '
                                                      '(unspecified)']},
              'stakeholder_advisories': 'OpenAI notifying affected API users',
              'title': 'Mixpanel Security Incident Affecting OpenAI API User '
                       'Data',
              'type': ['Data Breach', 'Unauthorized Access']}}