OpenAI confirms a security incident at Mixpanel affecting limited analytics data from API accounts. No OpenAI systems, API keys, or personal credentials were compromised.
OpenAI has confirmed a security incident involving Mixpanel, a third-party analytics provider previously used for web analytics on OpenAI’s API platform, platform.openai.com. According to an official email sent to users on November 27, 2025, the breach occurred within Mixpanel’s systems and exposed only limited analytics-level data linked to API accounts.
No OpenAI Systems Compromised
OpenAI emphasized that this incident did not affect its own systems. The company confirmed that sensitive information such as API keys, passwords, chat or API request data, payment details, and government IDs were not exposed. “This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed,” the company stated.
also read:- OxygenOS 16 Update Now Live for OnePlus Nord 4: Complete…
Details of the Mixpanel Breach
Mixpanel detected the intrusion on November 9, 2025. The attacker gained unauthorized access to parts of Mixpanel’s system and exported a dataset containing limited customer-identifiable information and analytics data. Mixpanel alerted OpenAI, and after reviewing the incident, OpenAI confirmed the affected dataset included:
-
Names provided in API accounts
-
Email addresses associated with API accounts
-
Approximate coarse location based on browser usage (city, state, country)
-
Operating system and browser information
-
Referring websites
-
Organization or user IDs linked to API accounts
OpenAI responded immediately by removing Mixpanel from its production services, reviewing the affected datasets, and closely coordinating with Mixpanel and other partners to understand the full scope of the incident.
OpenAI’s Security Response
Following the review, OpenAI terminated its use of Mixpanel and initiated a broader vendor-security audit. The company stressed that ChatGPT accounts and other OpenAI services were unaffected. Session tokens, authentication tokens, and other sensitive service parameters remained secure.
Mixpanel’s Response
Jen Taylor, CEO of Mix panel, revealed that the breach stemmed from a smishing campaign targeting their systems. Mix panel immediately activated incident-response protocols, including revoking active sessions, rotating credentials, blocking malicious IP addresses, conducting forensic reviews, and engaging external cybersecurity partners to remediate the breach.
“Our team took comprehensive steps to contain unauthorized access and secure impacted user accounts,” Taylor said. “We conducted global employee password resets and forensic reviews to ensure the integrity of our systems.”
What Users Should Know
While limited analytics-level data was exposed, OpenAI assured users that no sensitive OpenAI data, including API requests or personal account credentials, was compromised. The company continues to monitor for potential misuse and is committed to maintaining transparency with its users.
This incident highlights the importance of third-party vendor security for tech companies and reinforces OpenAI’s commitment to safeguarding user data.
For More Hindi News: http://newz24india.com