OpenAI has alerted users of its API platform about a security incident involving analytics provider Mixpanel, confirming that ChatGPT users remain unaffected. The breach occurred on November 9, 2025, when unauthorized access to Mixpanel’s systems was detected, leading to the export of limited customer and analytics information. OpenAI assured that no sensitive data, including chats, API requests, or user credentials, was compromised. The exposed data is restricted to frontend analytics, such as API account names, email addresses, and coarse location data.
In response to the incident, OpenAI has terminated its partnership with Mixpanel and is reevaluating security protocols across its vendor network. Although no account credentials were exposed, OpenAI advises users to maintain heightened vigilance. Additionally, Mixpanel’s own investigations revealed a smishing attack, prompting immediate security measures. Affected clients, including OpenAI and others like LG and Pinterest, have been notified of the situation, ensuring transparency and ongoing security enhancements.
Source link
