OpenAI has informed ChatGPT API customers about a data breach at Mixpanel, its third-party analytics provider. The incident, caused by a smishing (SMS phishing) attack, resulted in limited identifying information exposure, including names, email addresses, and approximate locations associated with API accounts. Importantly, no sensitive data such as passwords, API keys, or financial information was compromised, alleviating concerns about immediate risks to users. Although primarily affecting API users, OpenAI has proactively notified all subscribers and removed Mixpanel from its services as a precaution. The company advises users to remain vigilant for potential phishing attempts and to enable two-factor authentication. Concurrently, Mixpanel has taken measures such as revoking sessions and securing affected accounts. OpenAI is conducting a thorough investigation while urging users to avoid sharing sensitive information through unofficial channels. For ongoing updates, users should monitor communications from OpenAI and follow recommended security practices.
Source link
