OpenAI confirms Mixpanel security breach: Exposes limited API user data, company halts service integration
OpenAI has confirmed that limited API user data was exposed following a security breach at Mixpanel. While no sensitive data, API keys, or payment information were compromised, some profile details of API users may have been included in the stolen dataset.
OpenAI, one of the leading names in the AI chatbot, has confirmed that a recent security breach at Mixpanel exposed limited information belonging to its API users. It further explained that the sensitive data from ChatGPT, Sora or the ChatGPT Atlas browser experience was not compromised. Instead, this impact is confined to some profile-level information of those who use the OpenAI API.
The issue took place after a cyberattack on Mixpanel's systems on November 9, in which an unknown threat actor succeeded in exporting a dataset containing the analytics of OpenAI's users. Mixpanel shared the details of this breach with OpenAI on November 25 as part of its own investigation.
No sensitive data compromised
It added that the servers, infrastructure and products of OpenAI remained untouched. Most importantly, the leak did not include API requests, usage logs, payment data, passwords, API keys or any government-issued identification. In short, the company sought to reassure users that core systems remain secure.
However, OpenAI reportedly mentioned that some non-sensitive user details, associated with “platform.openai.com”, might have been included in the exported dataset.
Exposed information may include email address, API account name, approximate location (city, state, country), browser and OS details, referring sites, and organisation or user IDs.
Immediate action and continuing investigation
Accordingly, OpenAI has since removed Mixpanel from all production services. The company has also reviewed the affected data and is now working closely with Mixpanel and external partners to assess the full scope of the breach.
OpenAI added that it had not found evidence of the misuse of any data outside Mixpanel's environment. However, monitoring is ongoing, and users have been advised to be on guard against suspicious emails or phishing attempts.
Users advised to stay cautious
That is why OpenAI has recommended that potentially affected users be on high alert, especially regarding what appears to be a legitimate email asking for log-in details or financial information. It also said it would post further updates when more information comes out of the investigation.