OpenAI has informed its API platform customers about a security incident involving Mixpanel, which exposed limited analytics information. The breach was contained within Mixpanel’s environment and did not compromise OpenAI’s infrastructure, ChatGPT users, or sensitive data like passwords or API keys. Mixpanel became aware of the unauthorized access on November 9 and shared a dataset with OpenAI on November 25, which included names, email addresses, and other metadata related to API accounts. OpenAI responded by removing Mixpanel from its systems and notifying affected organizations. The company is conducting comprehensive security reviews of its vendors and urges API users to remain vigilant against phishing attempts. Users should verify communications from OpenAI, avoid sharing sensitive information, and enable multi-factor authentication. Mixpanel has taken steps to secure accounts impacted by a smishing campaign detected on November 8 and has communicated with impacted customers. No action is required for password resets or API key rotations.
Source link
Share
Read more